General
-
Target
5420cbc5d6be7831ccd48e8c7860f7d5c1060db80ed82063258f81c777aca8f1.exe
-
Size
3.1MB
-
Sample
241217-c8cjeayqbp
-
MD5
2fd750229aa6122c30607bb59293a909
-
SHA1
0feb9d22c13e6c2d19942788a49721db23e48d35
-
SHA256
5420cbc5d6be7831ccd48e8c7860f7d5c1060db80ed82063258f81c777aca8f1
-
SHA512
772b515f3efcff2a0fde47c125f9531d50028394a6c758e45e54743298714d118edaa94c6a67034a8a1cdce06f68342acee5b0fc0bc5ca610d28e8b8a6f52dec
-
SSDEEP
49152:Dvht62XlaSFNWPjljiFa2RoUYImsRJ6abR3LoGdlTHHB72eh2NT:DvL62XlaSFNWPjljiFXRoUYImsRJ60
Behavioral task
behavioral1
Sample
5420cbc5d6be7831ccd48e8c7860f7d5c1060db80ed82063258f81c777aca8f1.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Office04
0.tcp.us-cal-1.ngrok.io:11837
11bbf22e-826e-486b-b024-adbd86228a9e
-
encryption_key
7A589EDBC6A581E125BF830EF0D05FC74BB75E30
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
ctfmon
-
subdirectory
SubDir
Targets
-
-
Target
5420cbc5d6be7831ccd48e8c7860f7d5c1060db80ed82063258f81c777aca8f1.exe
-
Size
3.1MB
-
MD5
2fd750229aa6122c30607bb59293a909
-
SHA1
0feb9d22c13e6c2d19942788a49721db23e48d35
-
SHA256
5420cbc5d6be7831ccd48e8c7860f7d5c1060db80ed82063258f81c777aca8f1
-
SHA512
772b515f3efcff2a0fde47c125f9531d50028394a6c758e45e54743298714d118edaa94c6a67034a8a1cdce06f68342acee5b0fc0bc5ca610d28e8b8a6f52dec
-
SSDEEP
49152:Dvht62XlaSFNWPjljiFa2RoUYImsRJ6abR3LoGdlTHHB72eh2NT:DvL62XlaSFNWPjljiFXRoUYImsRJ60
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-