General
-
Target
incognito.exe
-
Size
3.1MB
-
Sample
240806-pa3ddssfjh
-
MD5
b77974010936f4479bf1cf760a4aa5d7
-
SHA1
07c90a99919bd4febfff9a943a610cf810cea5ae
-
SHA256
2cbde10dd87ea27ad229cc4d170de1aef0a35b24625a8a2fbba56752f5f7ea26
-
SHA512
aa6ed9a296f3d144645d22ff86eb436623a3303de5efb249af3367de11957c4a08dc77882e8bca8c86a661eeedfe17ddb417eddd1255ce27dc2c58a47296ee3c
-
SSDEEP
49152:HvrI22SsaNYfdPBldt698dBcjH26RJ6GbR3LoGdgBETHHB72eh2NT:HvU22SsaNYfdPBldt6+dBcjH26RJ6AY
Malware Config
Extracted
quasar
1.4.1
Office04
gakimyny-40562.portmap.host:40562
3190392e-398a-49b5-b000-b1f2ad7b563e
-
encryption_key
C82052C6AA81D4430841915516E777F1172AA1B4
-
install_name
incognito.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
JavaUpdater
-
subdirectory
SubDir
Targets
-
-
Target
incognito.exe
-
Size
3.1MB
-
MD5
b77974010936f4479bf1cf760a4aa5d7
-
SHA1
07c90a99919bd4febfff9a943a610cf810cea5ae
-
SHA256
2cbde10dd87ea27ad229cc4d170de1aef0a35b24625a8a2fbba56752f5f7ea26
-
SHA512
aa6ed9a296f3d144645d22ff86eb436623a3303de5efb249af3367de11957c4a08dc77882e8bca8c86a661eeedfe17ddb417eddd1255ce27dc2c58a47296ee3c
-
SSDEEP
49152:HvrI22SsaNYfdPBldt698dBcjH26RJ6GbR3LoGdgBETHHB72eh2NT:HvU22SsaNYfdPBldt6+dBcjH26RJ6AY
-
Quasar payload
-
Executes dropped EXE
-