General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
241203-gb4c3sslfw
-
MD5
86bd4496eab8ed85c7806bbe8b4faeff
-
SHA1
93908110af4954cda171542785bf17c0203077f5
-
SHA256
a9704b9ec835390fe47e215aa4928bed85698818c5de90ad11e1bc61de12fff1
-
SHA512
53d49ada84dc2c712805beb18e00b10eb1d730ca9d02dc559b8c0594452eb2ac64af719cb26ec9b8cc4486969078e4640138a5be295f7e968fef2db4c08b1214
-
SSDEEP
49152:SvJI22SsaNYfdPBldt698dBcjH62RJ6GbR3LoGdOzGTHHB72eh2NT:Svq22SsaNYfdPBldt6+dBcjH62RJ6A
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240729-en
Malware Config
Extracted
quasar
1.4.1
victim
192.168.0.8:4782
b4f8207c-44c4-442b-9a76-0a5ef954b8b8
-
encryption_key
2EF56B2D5415EB3BBA2A2D7B6B83FB157B370CDE
-
install_name
cilent-bulit.exe
-
log_directory
Logs
-
reconnect_delay
100
-
startup_key
solara
-
subdirectory
cilent-bulit
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
86bd4496eab8ed85c7806bbe8b4faeff
-
SHA1
93908110af4954cda171542785bf17c0203077f5
-
SHA256
a9704b9ec835390fe47e215aa4928bed85698818c5de90ad11e1bc61de12fff1
-
SHA512
53d49ada84dc2c712805beb18e00b10eb1d730ca9d02dc559b8c0594452eb2ac64af719cb26ec9b8cc4486969078e4640138a5be295f7e968fef2db4c08b1214
-
SSDEEP
49152:SvJI22SsaNYfdPBldt698dBcjH62RJ6GbR3LoGdOzGTHHB72eh2NT:Svq22SsaNYfdPBldt6+dBcjH62RJ6A
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-