General
-
Target
ed340526b36db90f266db2a5f1c48c109ecc51ea6bdb9e907240c3da858b74e4
-
Size
3.1MB
-
Sample
241216-swxa2stnby
-
MD5
ff7d780fa5f307da8d52650d52c9f0f7
-
SHA1
3d687e6aa07995b8415a74cb5700b1abdb48ae3b
-
SHA256
ed340526b36db90f266db2a5f1c48c109ecc51ea6bdb9e907240c3da858b74e4
-
SHA512
4ba9b40ae829bec98a7bb156cb574d820b4aaaf4958d0543c9946afa2f5cbfc6989e6bed9ef507f16d9d540e7e85aab24be8d7a87689242610e586f270271e8f
-
SSDEEP
49152:Svht62XlaSFNWPjljiFa2RoUYIz5aqVkooGdoxTHHB72eh2NT:SvL62XlaSFNWPjljiFXRoUYIz5aqVN4
Behavioral task
behavioral1
Sample
ed340526b36db90f266db2a5f1c48c109ecc51ea6bdb9e907240c3da858b74e4.exe
Resource
win7-20241010-en
Malware Config
Extracted
quasar
1.4.1
Office04
0.tcp.us-cal-1.ngrok.io:15579
11bbf22e-826e-486b-b024-adbd86228a9e
-
encryption_key
7A589EDBC6A581E125BF830EF0D05FC74BB75E30
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
ctfmon
-
subdirectory
SubDir
Targets
-
-
Target
ed340526b36db90f266db2a5f1c48c109ecc51ea6bdb9e907240c3da858b74e4
-
Size
3.1MB
-
MD5
ff7d780fa5f307da8d52650d52c9f0f7
-
SHA1
3d687e6aa07995b8415a74cb5700b1abdb48ae3b
-
SHA256
ed340526b36db90f266db2a5f1c48c109ecc51ea6bdb9e907240c3da858b74e4
-
SHA512
4ba9b40ae829bec98a7bb156cb574d820b4aaaf4958d0543c9946afa2f5cbfc6989e6bed9ef507f16d9d540e7e85aab24be8d7a87689242610e586f270271e8f
-
SSDEEP
49152:Svht62XlaSFNWPjljiFa2RoUYIz5aqVkooGdoxTHHB72eh2NT:SvL62XlaSFNWPjljiFXRoUYIz5aqVN4
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-