General
Target: oYjSB6
Size: 506B
Sample: 241007-3wkmcssgje
MD5: 5d307b58f542f05f2c4d1176d40fe005
SHA1: ae08b71cc7bd77b57be3b42b6ef83445d988a7f4
SHA256: c70552bcbc989720786647e63989f757d7d08b4f29f2136cb34611ba71ddbc2d
SHA512: 68244fde19e25412907a3de3baf32355aefb12327e8f605ada10d5c797c08d741857062658ae8f14742ee953f607b27c20e216aa59a5f50059e3595be1fa23ae
Static task: static1
Behavioral task: behavioral1
  Sample: oYjSB6.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: oYjSB6.html
  Resource: win10v2004-20241007-en
Malware Config
Extracted: quasar
Version: 1.4.1
test
luascript-28488.portmap.host:28488
0be49127-6a01-4931-8d7c-84035856367f
encryption_key: 61968CB017546A59BB42F884A73D1899C4140210
install_name: celexv2.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: .
subdirectory: SubDir
Targets
Target: oYjSB6 (Size 506B; MD5, SHA1, SHA256 and SHA512 as listed under General above)
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job: Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job: Scheduled Task (1)