General
-
Target
Eggpy.exe
-
Size
3.3MB
-
Sample
241204-zcjdeazmet
-
MD5
311933ce408d4d388840c403a42324a8
-
SHA1
d8087493d05a664639ec0855bb636789be0bae53
-
SHA256
358d36db4fe4df0ae13317555061a4dc3033254f81f53fe78eb59ed84d3483dd
-
SHA512
965957a8e15ebd5ced85e827c9888ae69e2be563c0488b64d7c59eccf686330171a475beeae36140c271b06072c5675fe90ff9ef011cba396edd25df3928656b
-
SSDEEP
49152:ovKgo2QSaNpzyPllgamb0CZof/JaG83ear1LoGdHh7THHB72eh2NT/:ovjo2QSaNpzyPllgamYCZof/JE3VXw
Behavioral task
behavioral1
Sample
Eggpy.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Office04
AWZ3153-54894.portmap.host:54894
AWZ3153-54894.portmap.host:4782
504548b2-3cf4-4efe-90ce-156d3776854c
-
encryption_key
5F9B0D3C7007E834C112F6078ABD8C2684830A3F
-
install_name
cmdline.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
svchost
-
subdirectory
cmd
Targets
-
-
Target
Eggpy.exe
-
Size
3.3MB
-
MD5
311933ce408d4d388840c403a42324a8
-
SHA1
d8087493d05a664639ec0855bb636789be0bae53
-
SHA256
358d36db4fe4df0ae13317555061a4dc3033254f81f53fe78eb59ed84d3483dd
-
SHA512
965957a8e15ebd5ced85e827c9888ae69e2be563c0488b64d7c59eccf686330171a475beeae36140c271b06072c5675fe90ff9ef011cba396edd25df3928656b
-
SSDEEP
49152:ovKgo2QSaNpzyPllgamb0CZof/JaG83ear1LoGdHh7THHB72eh2NT/:ovjo2QSaNpzyPllgamYCZof/JE3VXw
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-