General
-
Target
4119dedd1d6408f80505394a374cde76124a736913f958c878f54c16c98986e3
-
Size
3.1MB
-
Sample
241217-rqf67s1pcv
-
MD5
942d7d99678d584c4481278378741d51
-
SHA1
97efb624cfa34da0c5583e61a5982fd496de8e2d
-
SHA256
4119dedd1d6408f80505394a374cde76124a736913f958c878f54c16c98986e3
-
SHA512
0c1798628d5c90eaa6cf54277ab917408b5921e4f39ece0505510d9b7241df6748a365bc2a0a1cdaa24771f4ac56a9973a6515a0e32a14a66a9ed98c2871dfba
-
SSDEEP
49152:yvht62XlaSFNWPjljiFa2RoUYI4CZ1J5LoGdQPTHHB72eh2NT:yvL62XlaSFNWPjljiFXRoUYI4CT
Behavioral task
behavioral1
Sample
4119dedd1d6408f80505394a374cde76124a736913f958c878f54c16c98986e3.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Office04
4.tcp.us-cal-1.ngrok.io:18092
11bbf22e-826e-486b-b024-adbd86228a9e
-
encryption_key
7A589EDBC6A581E125BF830EF0D05FC74BB75E30
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
ctfmon
-
subdirectory
SubDir
Targets
-
-
Target
4119dedd1d6408f80505394a374cde76124a736913f958c878f54c16c98986e3
-
Size
3.1MB
-
MD5
942d7d99678d584c4481278378741d51
-
SHA1
97efb624cfa34da0c5583e61a5982fd496de8e2d
-
SHA256
4119dedd1d6408f80505394a374cde76124a736913f958c878f54c16c98986e3
-
SHA512
0c1798628d5c90eaa6cf54277ab917408b5921e4f39ece0505510d9b7241df6748a365bc2a0a1cdaa24771f4ac56a9973a6515a0e32a14a66a9ed98c2871dfba
-
SSDEEP
49152:yvht62XlaSFNWPjljiFa2RoUYI4CZ1J5LoGdQPTHHB72eh2NT:yvL62XlaSFNWPjljiFXRoUYI4CT
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-