General
-
Target
Bootstrapper.exe
-
Size
3.1MB
-
Sample
241217-e28pda1qdk
-
MD5
972d7bcd3eb4daaa0ef69215d91e41d9
-
SHA1
d3bcc25f8585405642a113ae6bae503648a765a2
-
SHA256
bfb28a852b12a795fb4d21fbe2b2f4c56e9742cbeace1cf9564b97bda1d08e55
-
SHA512
17433b55a5f0f61b0db42e22f975c4fa96298bc79a7a15b34d5342057bbf97a5229b23a7a12cc4a02afb48e485a2ae4ff05892b132ef19d145f2997814885cf0
-
SSDEEP
49152:bvblL26AaNeWgPhlmVqvMQ7XSKjBOEEqk7k/8FFoGdRnggTHHB72eh2NT:bvBL26AaNeWgPhlmVqkQ7XSKjBOjT
Behavioral task
behavioral1
Sample
Bootstrapper.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Bootstrapper.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
quasar
1.4.1
rat client
AMNSALKSamongus-47679.portmap.host:4782
d3bc3858-ff4a-4aa8-97ec-67721ddcdeeb
-
encryption_key
C8D618C9B5D2F91FFC94B6E9C868ECF80EB774F8
-
install_name
Client.exe
-
log_directory
ratted client
-
reconnect_delay
3000
-
startup_key
RedTiger Tool v6.1
-
subdirectory
SubDir
Targets
-
-
Target
Bootstrapper.exe
-
Size
3.1MB
-
MD5
972d7bcd3eb4daaa0ef69215d91e41d9
-
SHA1
d3bcc25f8585405642a113ae6bae503648a765a2
-
SHA256
bfb28a852b12a795fb4d21fbe2b2f4c56e9742cbeace1cf9564b97bda1d08e55
-
SHA512
17433b55a5f0f61b0db42e22f975c4fa96298bc79a7a15b34d5342057bbf97a5229b23a7a12cc4a02afb48e485a2ae4ff05892b132ef19d145f2997814885cf0
-
SSDEEP
49152:bvblL26AaNeWgPhlmVqvMQ7XSKjBOEEqk7k/8FFoGdRnggTHHB72eh2NT:bvBL26AaNeWgPhlmVqkQ7XSKjBOjT
Score10/10-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-