General
-
Target
PORQUEPUTASYANOSIRVE.exe
-
Size
3.1MB
-
Sample
241117-1rymbatngq
-
MD5
73565f33ed4d8741291cbb30409f1727
-
SHA1
4d3a54b28f3ea80f884a25905e27165bdc353109
-
SHA256
aafe953e627f9e733e101d7211f0c9594dbdf82ec4019b2c9aa361cbc478f0de
-
SHA512
d897b098ddcdc94ac9177bc9a90b700c8b9a7cfafa74f729beebf74a094f76a7bd69e764711bdfedcdd231465daef16e937676e391ca2c010df03fecc863b583
-
SSDEEP
49152:uvyI22SsaNYfdPBldt698dBcjHdtRJ6CbR3LoGd7THHB72eh2NT:uvf22SsaNYfdPBldt6+dBcjHdtRJ68
Malware Config
Extracted
quasar
1.4.1
Office04
azxq0ap.localto.net:3425
e51e2b65-e963-4051-9736-67d57ed46798
-
encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
PORQUEPUTASYANOSIRVE.exe
-
Size
3.1MB
-
MD5
73565f33ed4d8741291cbb30409f1727
-
SHA1
4d3a54b28f3ea80f884a25905e27165bdc353109
-
SHA256
aafe953e627f9e733e101d7211f0c9594dbdf82ec4019b2c9aa361cbc478f0de
-
SHA512
d897b098ddcdc94ac9177bc9a90b700c8b9a7cfafa74f729beebf74a094f76a7bd69e764711bdfedcdd231465daef16e937676e391ca2c010df03fecc863b583
-
SSDEEP
49152:uvyI22SsaNYfdPBldt698dBcjHdtRJ6CbR3LoGd7THHB72eh2NT:uvf22SsaNYfdPBldt6+dBcjHdtRJ68
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-