General

Target: 2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f.exe
Size: 3.1MB
Sample: 250120-gj64yavken
MD5: fbea67e43074abf3a3524c5110e933d4
SHA1: 2fb7d4fd691be43f1420bc62556744264d43d391
SHA256: 2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f
SHA512: e0e5ca07f0c78c000a9979d533febc9e64f9f4373d1499acad5a39349285fa56be10849372a4410b3dd97a30d1e46040845c568aa2f09a8b5a08419c2c02795b
SSDEEP: 49152:mvDI22SsaNYfdPBldt698dBcjHM/RJ6bbR3LoGdOTHHB72eh2NT4:mv822SsaNYfdPBldt6+dBcjHM/RJ6t4
Behavioral tasks

behavioral1
Sample: 2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f.exe
Resource: win7-20240903-en

behavioral2
Sample: 2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: quasar
Version: 1.4.1
Tag: SvchostMan
C2: 121.89.184.234:4782
C2: 106.241.55.218:4782
Mutex: 3094dfa3-6b09-4170-abb5-cd6f0b055018
encryption_key: A5C933A97D91C5A7CDBF6D4FF8D161BFBC686474
install_name: svchost.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Svc Name
subdirectory: drivers

Note: install_name and subdirectory together give the dropped client a filename identical to the real Windows Service Host, but placed in a "drivers" subfolder; on a stock Windows install svchost.exe lives only in System32 and SysWOW64, so a copy under a drivers folder is a strong indicator on its own. The startup_key value is the name the client registers under for persistence.
Targets

Target: 2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f.exe
Size: 3.1MB
MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General
Score: 10/10

Signatures
- Quasar family
- Quasar payload
- Drops file in Drivers directory
- Executes dropped EXE
- Drops file in System32 directory
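The config and signatures above can be turned directly into host and network detections. The following is an added example and not part of the sandbox report: it encodes the C2 endpoints, install_name, subdirectory and startup_key from the extracted config as rules and runs them over Sysmon-style events (EventID 1 process create, 3 network connect, 11 file create, 13 registry value set, with the standard Sysmon field names). Two things are assumptions of mine rather than facts from the report: that the client is written to System32\drivers\svchost.exe (inferred from the "Drops file in System32 directory" and "Drops file in Drivers directory" signatures), and that startup_key is used as a value name under a CurrentVersion\Run key. The events are constructed for illustration.

```python
import ntpath
import re

# Indicators copied from the extracted Quasar config on this page.
C2_ENDPOINTS = {("121.89.184.234", 4782), ("106.241.55.218", 4782)}
INSTALL_NAME = "svchost.exe"
SUBDIRECTORY = "drivers"
STARTUP_KEY = "Svc Name"

# Assumption: the client lands at <System32>\<subdirectory>\<install_name>.
# Inferred from the report's System32 and Drivers drop signatures, not a path it states.
INSTALL_PATH_RE = re.compile(
    r"\\system32\\" + re.escape(SUBDIRECTORY) + r"\\" + re.escape(INSTALL_NAME) + r"$",
    re.IGNORECASE,
)
# Assumption: startup_key is the value name used under a CurrentVersion\Run key.
RUN_VALUE_RE = re.compile(
    r"\\CurrentVersion\\Run\\" + re.escape(STARTUP_KEY) + r"$", re.IGNORECASE
)
# Directories where a genuine svchost.exe lives on a stock Windows install.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def check_event(ev):
    """Return the names of the rules that fire for one Sysmon-style event dict."""
    hits = []
    eid = ev.get("EventID")
    image = ev.get("Image", "")
    if eid == 11 and INSTALL_PATH_RE.search(ev.get("TargetFilename", "")):
        hits.append("quasar_install_drop")          # "Drops file in Drivers directory"
    if eid == 1:
        if INSTALL_PATH_RE.search(image):
            hits.append("quasar_dropped_exe_executed")  # "Executes dropped EXE"
        head, tail = ntpath.split(image)
        # Generic check: svchost.exe running from anywhere but its two real homes.
        if tail.lower() == INSTALL_NAME and head.lower() not in LEGIT_SVCHOST_DIRS:
            hits.append("svchost_outside_system_dirs")
    if eid == 13 and RUN_VALUE_RE.search(ev.get("TargetObject", "")):
        hits.append("quasar_startup_key")           # persistence via startup_key
    if eid == 3:
        dst = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
        if dst in C2_ENDPOINTS:
            hits.append("quasar_c2_connection")     # hosts:port from the config
    return hits


def scan(events):
    """Map each rule that fired to the indices of the events that triggered it."""
    result = {}
    for i, ev in enumerate(events):
        for rule in check_event(ev):
            result.setdefault(rule, []).append(i)
    return result


SAMPLE = "2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f.exe"
DROPPED = r"C:\Windows\System32\drivers\svchost.exe"
DOWNLOADS = r"C:\Users\victim\Downloads"
SAMPLE_EVENTS = [  # constructed for illustration, not real telemetry
    {"EventID": 11, "Image": DOWNLOADS + "\\" + SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": DOWNLOADS + "\\" + SAMPLE},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\Svc Name",
     "Details": DROPPED},
    {"EventID": 3, "Image": DROPPED,
     "DestinationIp": "121.89.184.234", "DestinationPort": "4782"},
    # Benign noise: the genuine svchost.exe and an unrelated HTTPS connection.
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for rule, idx in sorted(scan(SAMPLE_EVENTS).items()):
        print(f"{rule}: events {idx}")
```

The C2 match is the most brittle rule, since operators rotate hosts; the path and Run-value rules survive that, and the svchost_outside_system_dirs check catches the masquerade even if a rebuilt sample changes subdirectory. If the client is installed without administrative rights it may land under a user profile rather than System32, so relax INSTALL_PATH_RE to just the drivers\svchost.exe tail where that matters.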