General
-
Target
celexV2.exe.xex
-
Size
3.1MB
-
Sample
241009-nypa1ayamh
-
MD5
c35ba8f6d4a68f31510f76bab5b21229
-
SHA1
ffb2ad934416ccbd70674dcdc523210d3ce9b998
-
SHA256
891d304216b3c0f20c3543a111f864e7010190f89162bdee8d34e08e41b27fb6
-
SHA512
0700e458a11cbd4cd23ce22fb4d14cd6e129a74389851a22e7cdeab4b0de5067f4722858ff43e23637e057283260ceb3bf34deaf4b106340f97b834dffa8dd5e
-
SSDEEP
49152:ivPI22SsaNYfdPBldt698dBcjH7cw5bRvILoGd+fTHHB72eh2NT:ivA22SsaNYfdPBldt6+dBcjH7cwPmO
Behavioral task
behavioral1
Sample
celexV2.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
quasar
1.4.1
test
luascript-28488.portmap.host:28488
0be49127-6a01-4931-8d7c-84035856367f
-
encryption_key
61968CB017546A59BB42F884A73D1899C4140210
-
install_name
celexv2.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
.
-
subdirectory
SubDir
Targets
-
-
Target
celexV2.exe.xex
Score
10/10
-
Quasar payload
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Scheduled Task (1)