General
-
Target
Panel Ejecutador MTA 3.14.zip
-
Size
1.1MB
-
Sample
241214-bwg3patrel
-
MD5
d345c2eb24b0d3806865fda604ad1cc8
-
SHA1
6b813317f6108f2c242babda58097070503df242
-
SHA256
9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908
-
SHA512
76c941b833ffcef6da121c2e2735952ed81cbf7c6a6260a227040d37abf0adaa41461045c69710331345d52d95aac89ddf0a256ebc85fbdb2ed703106999ab74
-
SSDEEP
24576:ioRau4l48JTUIlfSsqFDxCs3+UgQYuX370FBZa:ioRUv5UIYsqOs3+UPY234m
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Office04
azxq0ap.localto.net:3425
e51e2b65-e963-4051-9736-67d57ed46798
-
encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
-
install_name
WindowsUpdate.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WindowsUpdate
-
subdirectory
SubDir
Targets
-
-
Target
Panel Ejecutador MTA 3.14.zip
-
Size
1.1MB
-
MD5
d345c2eb24b0d3806865fda604ad1cc8
-
SHA1
6b813317f6108f2c242babda58097070503df242
-
SHA256
9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908
-
SHA512
76c941b833ffcef6da121c2e2735952ed81cbf7c6a6260a227040d37abf0adaa41461045c69710331345d52d95aac89ddf0a256ebc85fbdb2ed703106999ab74
-
SSDEEP
24576:ioRau4l48JTUIlfSsqFDxCs3+UgQYuX370FBZa:ioRUv5UIYsqOs3+UPY234m
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-