General
-
Target
celery installer.exe
-
Size
3.1MB
-
Sample
240804-t8zsdazdmm
-
MD5
45f959942912fbcd1653b538332c5ec9
-
SHA1
7fdcd65b7bd7d5bdbc279e0b4fa6eebb8c36fca1
-
SHA256
6b400e1fc91d48c849aa79f355b641d35658188d668686ad7192333e9b92a1ae
-
SHA512
9072548e7a5e8f92a910c8621ff1a67fba6dcc4aa3c7af82047bdfdb86165d6d3466ed32081ef87816ccc04b6549367ec65fa2d69e8865ef0d42b6befe26f466
-
SSDEEP
49152:PvflL26AaNeWgPhlmVqvMQ7XSK5+DkE2Hak/+F+oGdzuLTHHB72eh2NT:PvtL26AaNeWgPhlmVqkQ7XSK5+DbQC
Behavioral task
behavioral1
Sample
celery installer.exe
Resource
win7-20240708-en
Malware Config
Extracted
quasar
1.4.1
Office04
Joesnazzy-26854.portmap.host:26854
0e3df0a7-c843-43da-81c8-d9c01f85801a
-
encryption_key
FE31C9B3146C7F6C565D8024D45CF71A2F7A3888
-
install_name
celery.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
windows defender
-
subdirectory
SubDir
Targets
-
-
Target
celery installer.exe
-
Size
3.1MB
-
MD5
45f959942912fbcd1653b538332c5ec9
-
SHA1
7fdcd65b7bd7d5bdbc279e0b4fa6eebb8c36fca1
-
SHA256
6b400e1fc91d48c849aa79f355b641d35658188d668686ad7192333e9b92a1ae
-
SHA512
9072548e7a5e8f92a910c8621ff1a67fba6dcc4aa3c7af82047bdfdb86165d6d3466ed32081ef87816ccc04b6549367ec65fa2d69e8865ef0d42b6befe26f466
-
SSDEEP
49152:PvflL26AaNeWgPhlmVqvMQ7XSK5+DkE2Hak/+F+oGdzuLTHHB72eh2NT:PvtL26AaNeWgPhlmVqkQ7XSK5+DbQC
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-