General
Target: Synapse X.exe
Size: 3.1MB
Sample: 241103-xtt55atrhr
MD5: e78c57ec9112a2860d4c07e1535452c6
SHA1: cfb8f58daaa9ae932b2e55c04eb887210cbf0a41
SHA256: 64207a7e81e788dd1044a8fa6d6a4f87757cdd870af520a2e44576ac21a6e746
SHA512: 50597692c65f476d3f96d43fc97813c2747cacccd542eaf82cb736827ba02fb291e905b9a7410f891eee394f2252f37aceaf26fbc8dcef0ebdd21fbe37fcaf93
SSDEEP: 49152:bv2I22SsaNYfdPBldt698dBcjH4CD1JoLoGdESTHHB72eh2NT:bvb22SsaNYfdPBldt6+dBcjH4CK
Malware Config
Extracted
quasar
1.4.1
Office04
Inversin-43597.portmap.host:43597
80329fd2-f063-4b06-9c7e-8dbc6278c2a3
encryption_key: 744EA1A385FEBC6DA96387411B7000D77E66B075
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: java updater
subdirectory: SubDir
Targets
Target: Synapse X.exe
Quasar family
Quasar payload
Executes dropped EXE