General
Target: testv12.exe
Size: 3.1MB
Sample: 241216-1yf1vaslfj
MD5: 8f131c77156b85ca15444aabe87333ef
SHA1: 5402d8163423097e863bea234d211f5b13258a4b
SHA256: 84386ba4be46d6a071c25da1ec4f339817aeaad478a6ca9453e1935205571f20
SHA512: 95f05308d912a25b42a73e09c061ee88cedadb5080653ae8ae794f4de6e581c099f49dbc7943f54be838b72ac7649ff573f63e7326c0a8688e7508b62deb90b0
SSDEEP: 49152:Xv3lL26AaNeWgPhlmVqvMQ7XSKC1mKmzOUoGdcQTHHB72eh2NT:Xv1L26AaNeWgPhlmVqkQ7XSKC1mp
Behavioral task
behavioral1
Sample: testv12.exe
Resource: win7-20241010-en
Malware Config
Extracted
quasar
1.4.1
Office04
4.tcp.eu.ngrok.io:16602
4.tcp.eu.ngrok.io:7724
af6a836a-9106-4785-8dce-1ced637f2ecd
encryption_key: 50B793FC4C8129DCCC330E337AEC3777884F3B64
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: testv12.exe
Size: 3.1MB
MD5: 8f131c77156b85ca15444aabe87333ef
SHA1: 5402d8163423097e863bea234d211f5b13258a4b
SHA256: 84386ba4be46d6a071c25da1ec4f339817aeaad478a6ca9453e1935205571f20
SHA512: 95f05308d912a25b42a73e09c061ee88cedadb5080653ae8ae794f4de6e581c099f49dbc7943f54be838b72ac7649ff573f63e7326c0a8688e7508b62deb90b0
SSDEEP: 49152:Xv3lL26AaNeWgPhlmVqvMQ7XSKC1mKmzOUoGdcQTHHB72eh2NT:Xv1L26AaNeWgPhlmVqkQ7XSKC1mp
Quasar family
Quasar payload
Legitimate hosting services abused for malware hosting/C2