General
Target: RedEngine.exe
Size: 502KB
Sample: 250211-3x28ssvncx
MD5: 7178d81c9afdabb202f31315f7eed7e2
SHA1: 527a063588b3e4d3acc04cf211d9b0df33f5ade2
SHA256: 67e35ca53e1ee18113207c2edf4b165ae9158cfed151e08bac627327f9c60f21
SHA512: 80b770bd2d3541400386c4aa446da8840823864a62d73554dd62ea08d5e9596f2b737fa8046eb6fb892690d115eb928022cdb1d24f4f8d9cf2e449adfd0809a5
SSDEEP: 6144:9TEgdc0Y5XAGbgiIN2RSBTuYNzBlh/gKeFwQHocEhyb8F9ODx2cTR30:9TEgdfYVbg/uOiFwR12x2cd0
Behavioral task
behavioral1
Sample: RedEngine.exe
Resource: win7-20240903-en
Malware Config
Extracted: quasar
1.4.0
TRAINING
185.241.208.185:16145
22073971-8d9a-4364-9916-abbb09ac9d8b
encryption_key: 7A9A8376440E3257DB2B54403642F366A5FBE14A
install_name: Starter Module.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Starter Module
subdirectory: Modules
Targets
Target: RedEngine.exe
Size: 502KB
MD5: 7178d81c9afdabb202f31315f7eed7e2
SHA1: 527a063588b3e4d3acc04cf211d9b0df33f5ade2
SHA256: 67e35ca53e1ee18113207c2edf4b165ae9158cfed151e08bac627327f9c60f21
SHA512: 80b770bd2d3541400386c4aa446da8840823864a62d73554dd62ea08d5e9596f2b737fa8046eb6fb892690d115eb928022cdb1d24f4f8d9cf2e449adfd0809a5
SSDEEP: 6144:9TEgdc0Y5XAGbgiIN2RSBTuYNzBlh/gKeFwQHocEhyb8F9ODx2cTR30:9TEgdfYVbg/uOiFwR12x2cd0
- Quasar family
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory