General
-
Target
0c904ce53aeca5d0e078e752c24dc3bed47b74d22f9158b6b4fb56d55c178ae0.zip
-
Size
29.6MB
-
Sample
241219-nq5ysaspct
-
MD5
28aa0a10eb0ca8469e3fc4857bff7552
-
SHA1
4136d0e5c59bbbb3d89dbeb926ed9d38561c412d
-
SHA256
0c904ce53aeca5d0e078e752c24dc3bed47b74d22f9158b6b4fb56d55c178ae0
-
SHA512
279a4ab993f0efc6ef6ec5140f71905bd9f3120344bc666f0e9f36054fd706d145fcddcd713add6ffd6204b213c9c0900a69bea757622710b68dc87a43cc9f76
-
SSDEEP
786432:qgi48KFglmpGp2Ey3CuYTRb4lFBXDorLwDUzZsMX+lBLu5:qg/gyGp2E5ukb2dorUU2MmLu5
Static task
static1
Behavioral task
behavioral1
Sample
viltracoin-qt.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Viltrac
51.15.17.193:4782
d099b659-69af-41e2-9d7f-a5e64da5be06
-
encryption_key
97599F6E5D14A784CC4DD36B18A277119042FDA8
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
viltracoin-qt.exe
-
Size
82.5MB
-
MD5
959a666390a5dcad9994b132fd286ef8
-
SHA1
a2d17928f1e7178c25fe0dd07bdb3f2bd9f6c4ca
-
SHA256
4feb1b58d3941d021d0525cf544ea5df9fc3e3ed3d32a621801072ad3a5a4da8
-
SHA512
fcbe47048a4448c51b042832c8ff2766798682fb7cf4ce68e2b1523d6f14f39b1a43c7f3eec28005314c22e86060d476552606900e382c5c425abc729877b946
-
SSDEEP
393216:34TPZVLWruiFVks+9j54GXvitZQLCO5SXDqQu58EISEhoIaE2FShABZDv25PPa2X:3KRVQxhu0P8Lq1LEvxOOx5Sh
-
Quasar family
-
Quasar payload
-
System Binary Proxy Execution: Regsvcs/Regasm
Abuse Regasm to proxy execution of malicious code.
-
Drops startup file
-
Executes dropped EXE
-