General
-
Target
Aimbot MTA.zip
-
Size
1.1MB
-
Sample
241228-hcshmswrdp
-
MD5
daa57cdeeab30823f89e5349b832a817
-
SHA1
feb679856d7a4a04d5e1a26e741dd6deb5ee0e88
-
SHA256
129c9712c6553669392a034fc14842a4045df98bb8abce95a6b74ecf9760a4de
-
SHA512
1403f94c54374a91e8d9e29b594b490ff49c16b4bd404148157e7b2a7eb57beced3459e612045433e3b4a0f78aca93d34fe2f4c198fc5669dee85c139273f376
-
SSDEEP
24576:3bPC4RI32t9KyRPCKNJrYjWj1JkpsnWvWjI7mBPJiOMSeFAPNuHWE:rKsIm3K8voCApsnBnFJirjSU2E
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Office04
azxq0ap.localto.net:3425
e51e2b65-e963-4051-9736-67d57ed46798
-
encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
-
install_name
WindowsUpdate.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WindowsUpdate
-
subdirectory
SubDir
Targets
-
-
Target
Aimbot MTA.zip
-
Size
1.1MB
-
MD5
daa57cdeeab30823f89e5349b832a817
-
SHA1
feb679856d7a4a04d5e1a26e741dd6deb5ee0e88
-
SHA256
129c9712c6553669392a034fc14842a4045df98bb8abce95a6b74ecf9760a4de
-
SHA512
1403f94c54374a91e8d9e29b594b490ff49c16b4bd404148157e7b2a7eb57beced3459e612045433e3b4a0f78aca93d34fe2f4c198fc5669dee85c139273f376
-
SSDEEP
24576:3bPC4RI32t9KyRPCKNJrYjWj1JkpsnWvWjI7mBPJiOMSeFAPNuHWE:rKsIm3K8voCApsnBnFJirjSU2E
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-