General
Target: SolaraExecutor.exe
Size: 1.5MB
Sample: 250518-zkeeescr8w
MD5: ef613eb8a8624ddeb3aec0f37eab6f4e
SHA1: 8b333a64ce1655c42a8e39ee178c5966cc6ee502
SHA256: 1aef924860dc48e0ce4129fffa1b8bb2967323875ba169b87bcef95093f080b8
SHA512: 88815fe5c5d2633d46a0e295dfb5d8b904783fea67e40cf8dfa1b4330d0cb16002f39cdb825346a33b41a9570a7c06c558fe29df21839b05366d8dbdd05c8106
SSDEEP: 24576:ipL3MU15qwS2eWBRwRR16zhHIPbcNK0KKm77yviUSQaZaOwI55l2S62r9ls2gSbD:ipX15v7wR2EgKKm77LrwCB6Ae
Malware Config
Extracted
Family: quasar
Version: 1.6.0
Botnet: Necrum
C2: specific-ibm.gl.at.ply.gg:35299
Mutex: cd704468-93ff-41a0-92f4-2645a69a5cfc
encryption_key: AB0689621AFC4D653B4FB13A99B3761B0E9CE72C
install_name: SolaraExecutor.exe
key_salt: 5a23f8394640cb9e40658446a04c0bbae82dc93d0470e1b2a406a90fd2520382
log_directory: Logs
reconnect_delay: 3000 (milliseconds between reconnect attempts to the C2)
startup_key: SolaraExecutor
subdirectory: SubDir
Targets
Target: SolaraExecutor.exe (same file as in General; size and hashes as listed there)
Signatures
- Quasar family
- Quasar payload
- Executes dropped EXE (consistent with the Quasar install routine copying itself to subdirectory\install_name, here SubDir\SolaraExecutor.exe, and launching the copy)
- Legitimate hosting services abused for malware hosting/C2 (the C2 host specific-ibm.gl.at.ply.gg is a playit.gg tunnel hostname, so the address identifies the tunnel service rather than the operator's own endpoint)
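The extracted config and the signatures above, turned into hunting indicators and checked against telemetry. This is an added example and not code from the sandbox vendor or from the Quasar project. The config values are copied from the report; the event records are constructed; the Sysmon-like field names are chosen here; and two points are assumptions: that the sample follows the standard Quasar install layout (a copy at <base>\subdirectory\install_name, persisted through a Run value named startup_key, with the base folder not present in the extracted config), and that any destination under ply.gg is a playit.gg tunnel and therefore worth flagging even when the label or port differs from this sample's C2.

```python
"""Hunting indicators from the extracted Quasar config, checked against telemetry.

Added example, not code from the sandbox vendor or the Quasar project. CONFIG
is copied from the report; SAMPLE_EVENTS is constructed; the field names are
Sysmon-like but chosen here, and treating every ply.gg destination as a tunnel
indicator is an assumption (playit.gg hands out hostnames in that zone).
"""

# Values copied from the "Malware Config" section of the report.
CONFIG = {
    "family": "quasar",
    "version": "1.6.0",
    "botnet": "Necrum",
    "c2": "specific-ibm.gl.at.ply.gg:35299",
    "mutex": "cd704468-93ff-41a0-92f4-2645a69a5cfc",
    "install_name": "SolaraExecutor.exe",
    "startup_key": "SolaraExecutor",
    "subdirectory": "SubDir",
}

TUNNEL_ZONE = "ply.gg"  # assumption: playit.gg tunnel hostnames live in this zone
# Sysmon reports HKCU as HKU\<SID>\..., so match on the tail of the key only.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"


def indicators(cfg):
    """Derive concrete host/network artifacts from the config fields.

    Assumes the standard Quasar install layout: the client copies itself to
    <base>\\<subdirectory>\\<install_name> and persists through a Run value
    named <startup_key>. The base folder is not in the extracted config, so
    only the path suffix is matched.
    """
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "install_suffix": ("\\%s\\%s" % (cfg["subdirectory"], cfg["install_name"])).lower(),
        "run_value": cfg["startup_key"],
        "mutex": cfg["mutex"].lower(),
    }


def match_event(ev, ioc):
    """Return the indicator names a single telemetry record matches."""
    hits = []
    kind = ev.get("type")
    if kind == "network":
        dst = ev.get("dst_host", "").lower()
        if dst == ioc["c2_host"] and ev.get("dst_port") == ioc["c2_port"]:
            hits.append("c2_exact")
        elif dst == TUNNEL_ZONE or dst.endswith("." + TUNNEL_ZONE):
            # Same abused tunnel service, different label or port: still worth triage.
            hits.append("c2_tunnel_zone")
    elif kind == "registry_set":
        key, _, name = ev.get("target", "").rpartition("\\")
        if key.lower().endswith(RUN_KEY_SUFFIX) and name == ioc["run_value"]:
            hits.append("run_key_persistence")
    elif kind == "process_create":
        if ev.get("image", "").lower().endswith(ioc["install_suffix"]):
            hits.append("install_path_exec")
    elif kind == "mutex":
        # Sysmon does not log mutexes; this record type stands in for a
        # sandbox or handle-scan result.
        if ev.get("name", "").lower() == ioc["mutex"]:
            hits.append("mutex")
    return hits


def scan(events, cfg=CONFIG):
    """Run every event through the indicators; returns (index, indicator) pairs."""
    ioc = indicators(cfg)
    return [(i, hit) for i, ev in enumerate(events) for hit in match_event(ev, ioc)]


# Constructed telemetry: the dropped copy executing, the Run value, the C2
# connection, a second tunnel host, benign traffic, and the mutex.
SAMPLE_EVENTS = [
    {"type": "process_create",
     "image": r"C:\Users\victim\AppData\Roaming\SubDir\SolaraExecutor.exe",
     "parent": r"C:\Users\victim\Downloads\SolaraExecutor.exe"},
    {"type": "registry_set",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\SolaraExecutor",
     "details": r"C:\Users\victim\AppData\Roaming\SubDir\SolaraExecutor.exe"},
    {"type": "network", "dst_host": "specific-ibm.gl.at.ply.gg", "dst_port": 35299},
    {"type": "network", "dst_host": "other-label.gl.at.ply.gg", "dst_port": 4444},
    {"type": "network", "dst_host": "www.microsoft.com", "dst_port": 443},
    {"type": "mutex", "name": "cd704468-93ff-41a0-92f4-2645a69a5cfc"},
]

if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_EVENTS):
        print(idx, hit, SAMPLE_EVENTS[idx])
```

The suffix matching is deliberate: the install base folder depends on a build option that the extracted config does not expose, and Sysmon writes HKCU paths as HKU\<SID>, so anchoring on the full path or full key would miss the real events. The ply.gg zone check is the broader of the two network tests and will fire on unrelated playit.gg users, so treat it as a triage lead rather than a conviction.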