General
-
Target
1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1.exe
-
Size
3.1MB
-
Sample
241217-cqtd7sxlfy
-
MD5
7aa529f2db5a30ed1b868c90e872ec57
-
SHA1
f384f3c375411eea2c72cdc15c6252102535656a
-
SHA256
1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1
-
SHA512
404f3ba56677f362129b8352f0585e13f86e8f6a6570ca1deaed9551f01fea43b523d0318e314d5d99b371a2c44ac8ed9a4dae19788b10df325147b17d0a2120
-
SSDEEP
49152:avht62XlaSFNWPjljiFa2RoUYIb3RJ6PbR3LoGdarTHHB72eh2NT:avL62XlaSFNWPjljiFXRoUYIb3RJ6h
Behavioral task
behavioral1
Sample
1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Office04
0.tcp.us-cal-1.ngrok.io:15579
11bbf22e-826e-486b-b024-adbd86228a9e
-
encryption_key
7A589EDBC6A581E125BF830EF0D05FC74BB75E30
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
ctfmon
-
subdirectory
SubDir
Targets
-
-
Target
1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1.exe
-
Size
3.1MB
-
MD5
7aa529f2db5a30ed1b868c90e872ec57
-
SHA1
f384f3c375411eea2c72cdc15c6252102535656a
-
SHA256
1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1
-
SHA512
404f3ba56677f362129b8352f0585e13f86e8f6a6570ca1deaed9551f01fea43b523d0318e314d5d99b371a2c44ac8ed9a4dae19788b10df325147b17d0a2120
-
SSDEEP
49152:avht62XlaSFNWPjljiFa2RoUYIb3RJ6PbR3LoGdarTHHB72eh2NT:avL62XlaSFNWPjljiFXRoUYIb3RJ6h
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-