General
Target: d08fbce12159858a1e805002d0100ad264d527df79f9c078bcb70737588cb03a.exe
Size: 3.1MB
Sample: 241104-degrpssama
MD5: 1eaac929bfec99fbb06cf9871c9093ba
SHA1: d9b10f8785e173e2f210a36dc10db3367a076338
SHA256: d08fbce12159858a1e805002d0100ad264d527df79f9c078bcb70737588cb03a
SHA512: 776168a0584fdf426c3e26289bcf8f918c63da20b04013b7fc0c920da2620c3e08b1857c13fadf7dc61109d2afc964f6493b2b74e815109238941246db4d0752
SSDEEP: 49152:yv9t62XlaSFNWPjljiFa2RoUYIoPeEErHXk/uVMoGd6+THHB72eh2NTX:yv/62XlaSFNWPjljiFXRoUYIoPePyK
Behavioral task
behavioral1
Sample: d08fbce12159858a1e805002d0100ad264d527df79f9c078bcb70737588cb03a.exe
Resource: win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Office04
45.95.214.119:1604
f9f58545-e044-4981-817b-950eaa1429c9
encryption_key: B45F6102F44CEBC69B790BA64CFCD6C9F8E03CE3
install_name: sys.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Skype
subdirectory: sys64
Targets
Target: d08fbce12159858a1e805002d0100ad264d527df79f9c078bcb70737588cb03a.exe
Quasar family
Quasar payload
Executes dropped EXE
Drops file in System32 directory