General
-
Target
4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda
-
Size
3.1MB
-
Sample
241216-1fs8fs1kaw
-
MD5
0e544c7dccc5ac91a382ba67577d7cd6
-
SHA1
44b0868b7a9b0bf5c20ebeae736ddaeb2385fd92
-
SHA256
4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda
-
SHA512
c8544b538f74cfe5b397e958859b6145630db440c6b3700bb3751aa29ed7ac88ab34b9e9896ef70d25275deed05a937b4112932b879db7e93fdd0e2a5929e309
-
SSDEEP
49152:bv4uf2NUaNmwzPWlvdaKM7ZxTw678gbR4LoGdgaTHHB72eh2NT:bv3f2NUaNmwzPWlvdaB7ZxTw678n
Behavioral task
behavioral1
Sample
4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda.exe
Resource
win7-20240729-en
Malware Config
Extracted
quasar
1.4.1
Stinky
ef3243fsert34.ddns.net:47820
anthonyngati.ddns.net:3872
60cba0a9-0a63-450c-9567-57ef0e3c2e24
-
encryption_key
7A23123B6E1E0CCDB27477C6C7654C7BE2FEDE54
-
install_name
sru.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
xml
-
subdirectory
sru
Targets
-
-
Target
4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda
-
Size
3.1MB
-
MD5
0e544c7dccc5ac91a382ba67577d7cd6
-
SHA1
44b0868b7a9b0bf5c20ebeae736ddaeb2385fd92
-
SHA256
4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda
-
SHA512
c8544b538f74cfe5b397e958859b6145630db440c6b3700bb3751aa29ed7ac88ab34b9e9896ef70d25275deed05a937b4112932b879db7e93fdd0e2a5929e309
-
SSDEEP
49152:bv4uf2NUaNmwzPWlvdaKM7ZxTw678gbR4LoGdgaTHHB72eh2NT:bv3f2NUaNmwzPWlvdaB7ZxTw678n
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-