General
Target: Licencia contraseña 1234.zip
Size: 1.1MB
Sample: 241228-1dyp6aslfw
MD5: 737f6281fd4d983e3224a410f1149efb
SHA1: 55c486ac423393fefcceab02ff7ba72a7d23b327
SHA256: 2a69213a7677e532af714831eff3f7bbca5a8b578bad3ba018a11c447a9eb422
SHA512: 7925ba5ca0d962f9cb1987df71168cad02885b5cd4cdaa546314dfcceff2edded45f8209521700da964686c276dfe681f05ca559c543cf4a75ba2741b3f4bb52
SSDEEP: 24576:T+E+8LclAGQ6vGayPt+5V80boRRIzxfS1xzvmJehMnrX6FkLyAKa5esH:TY8LXSubKm06RIzxOVmYGnrfLfKK9
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Office04
azxq0ap.localto.net:3425
e51e2b65-e963-4051-9736-67d57ed46798
encryption_key: AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name: WindowsUpdate.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: WindowsUpdate
subdirectory: SubDir
Targets
Quasar family
Quasar payload
Executes dropped EXE