General
-
Target
Bootstrapper (extract.me)(1).zip
-
Size
1.3MB
-
Sample
240805-tr1nca1fqk
-
MD5
a3e58f4009dd652a7f9adaa8503bee03
-
SHA1
678b602ffe105001d5a7372bfedceb16b07e63a9
-
SHA256
81fa2f00f9af36db4b0add31164aca81e5a01f5498f8a6cb5fad5d5eb2d73000
-
SHA512
529246877c40387bee7da8b9922e38485c542bf7a45bd3d0d3ee1ceefe5b311e3c66e8b2b0b72fe7517d79015916c1e4592ecffd3bcc45171dba356ef03e1818
-
SSDEEP
24576:jpRma1YACmHZFVZRo6HYSS9p5abZ4Ffb5MNliPoePloqtkxBk2Xv/p+KY4V:243/HZTTuWZ4Ffsliz7tcbf/f1V
Behavioral task
behavioral1
Sample
Bootstrapper (extract.me)(1).zip
Resource
win11-20240802-en
Malware Config
Extracted
quasar
1.4.1
Office04
wefdwef-34180.portmap.host:34180
c4be1726-3f86-4f80-bc7c-0779b06ffeeb
-
encryption_key
97BF1FDCF446A7218FA05296FD8D8F0C41A6B1E7
-
install_name
Bootstrapper.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Spotify
-
subdirectory
system32
Targets
-
-
Target
Bootstrapper (extract.me)(1).zip
-
Size
1.3MB
-
MD5
a3e58f4009dd652a7f9adaa8503bee03
-
SHA1
678b602ffe105001d5a7372bfedceb16b07e63a9
-
SHA256
81fa2f00f9af36db4b0add31164aca81e5a01f5498f8a6cb5fad5d5eb2d73000
-
SHA512
529246877c40387bee7da8b9922e38485c542bf7a45bd3d0d3ee1ceefe5b311e3c66e8b2b0b72fe7517d79015916c1e4592ecffd3bcc45171dba356ef03e1818
-
SSDEEP
24576:jpRma1YACmHZFVZRo6HYSS9p5abZ4Ffb5MNliPoePloqtkxBk2Xv/p+KY4V:243/HZTTuWZ4Ffsliz7tcbf/f1V
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-
-
-
Target
Bootstrapper.exe
-
Size
3.1MB
-
MD5
14b871855a9046ef9aedeec80f9c2d86
-
SHA1
32c0ad34f524748b76c090fc881b75b928341e7e
-
SHA256
b14b916cd2f188ea09035489056e0bff9f8cb8e4a30eff50172f86319fabc940
-
SHA512
7ada8280b9a5a4dcb427da5f7634335c191645614148ed550dbbbacfaed72e1e99202caedddc02f48dc73d96bf0ecd4d35c2ed2d6206e9b25efba4f29dcc8e96
-
SSDEEP
49152:3v7lL26AaNeWgPhlmVqvMQ7XSKlfyCC4KgoGdulF8THHB72eh2NT:3vhL26AaNeWgPhlmVqkQ7XSKlfyg
-
Quasar payload
-
Executes dropped EXE
-