General
-
Target
incognito.exe
-
Size
3.1MB
-
Sample
240806-pn445sshqb
-
MD5
4e885e883cb02e14af809a2e8b4807b2
-
SHA1
61ffdce7aa773657e4e80bec8ae5581973d86f47
-
SHA256
544f0fca11640d5ee8773de000674d869833b834ae2819e5a9196351fb479c50
-
SHA512
884fbc32ea58d02a735ddf48ada2e2c9915581ff50679535bbb0d0cada6463b330454c6bbd66f7fee54f07d033b114816feeee527df9197cc87622029336227d
-
SSDEEP
49152:uvmI22SsaNYfdPBldt698dBcjHK5DGbRcLoGdz2lTHHB72eh2NT:uvr22SsaNYfdPBldt6+dBcjHK5DJD2
Malware Config
Extracted
quasar
1.4.1
Office04
/gakimyny-40562.portmap.host:4782
46e7ef3b-8d62-4396-a1b6-7d8a2353e907
-
encryption_key
4CCD03EE2B3F5EBE1286E32B25E48A9D2C6CC0F5
-
install_name
incognito.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
CrashHandler
-
subdirectory
SubDir
Targets
-
-
Target
incognito.exe
-
Quasar payload
-
Executes dropped EXE
-