General
-
Target
Windows-Activation.exe
-
Size
3.1MB
-
Sample
241219-3yvv4stmfs
-
MD5
ae747de0584eeab55957aa8ec12ba488
-
SHA1
41483b8e1ff488a546e08de74ac09300fe63c80b
-
SHA256
300bad38953dd87cda952bb60f1999a5ea1f9c0f64a3f0f842633b982b15194b
-
SHA512
f744156f05ebe0adbbe0e3973783e60e0d2b98ea8c33a147f0e1afe1cdd749b994453b7da4f8c45c73af0569453f85dacddde57820aa1f9a94e3f7350445b68c
-
SSDEEP
49152:evBt62XlaSFNWPjljiFa2RoUYIRetwHBxjooGd33THHB72eh2NT:evr62XlaSFNWPjljiFXRoUYIyw4
Behavioral task
behavioral1
Sample
Windows-Activation.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Windows-Activation.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
quasar
1.4.1
Svchost.exe
192.168.1.190:4782
75ec4d04-9201-465b-9d52-07fbf8901610
-
encryption_key
BC9F0EB6E1FA6B8559DDF8DE0AEF08110EBCF8E5
-
install_name
Svchostt.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Svchostt.exe
Targets
-
-
Target
Windows-Activation.exe
-
Size
3.1MB
-
MD5
ae747de0584eeab55957aa8ec12ba488
-
SHA1
41483b8e1ff488a546e08de74ac09300fe63c80b
-
SHA256
300bad38953dd87cda952bb60f1999a5ea1f9c0f64a3f0f842633b982b15194b
-
SHA512
f744156f05ebe0adbbe0e3973783e60e0d2b98ea8c33a147f0e1afe1cdd749b994453b7da4f8c45c73af0569453f85dacddde57820aa1f9a94e3f7350445b68c
-
SSDEEP
49152:evBt62XlaSFNWPjljiFa2RoUYIRetwHBxjooGd33THHB72eh2NT:evr62XlaSFNWPjljiFXRoUYIyw4
Score10/10-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-