General
Target: Client-built.bat
Size: 1.6MB
Sample: 241224-fybe5sskdk
MD5: a7aa482ba1ee0ea8d147d628d5a65f05
SHA1: 91e3a640c294a36697d9759a29072fdb4ab62346
SHA256: 79173bee83878cae44d9fc21fa85590711a92edc2d43caafb1350eb2800e72d7
SHA512: a27dae71d85910609682cc324d4c4cf5c2e772f0a57209d2fbdc3e345538487d1262148b01b16df8cfb52c3c2a72ae04eb381f7dcf33d77c01d532d421e93a32
SSDEEP: 24576:tkjkTu1rkvOjvCsDjTprQ50JDzRj2umzby88rBFjB9a/In5PJBmpR4JRej08SG84:t859kWf+gEJe8yBBl+pIVX4
Static task: static1
Behavioral task: behavioral1
Sample: Client-built.bat
Resource: win7-20241023-en
Malware Config
Extracted
quasar
1.4.1
Office04
85.209.133.15:111
4427abb1-66d5-405b-a340-061f8386d8c1
encryption_key: A0083941CFC8C27C9F733BBA0ECD4E4B76BD61E8
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: Client-built.bat
Quasar family
Quasar payload
Blocklisted process makes network request