General
-
Target
dfsdf.exe
-
Size
3.1MB
-
Sample
240613-kvbzqa1hrh
-
MD5
44aaa2c8fd4f8705bed96d6e4cf0ab85
-
SHA1
2ab7832577f3407c85da9fa894b7cd16f346003d
-
SHA256
f804bfcdfac2e6073dec8bf16d5665ce74bc45aafcd91603d0f540612a247268
-
SHA512
9734659ceb894941e7fce2760d46ca2019bd5a2a26f164a16c0dc0695fb42ae9161093843a4bc78dd46205f90d1692436e8580392d11180bf1792ab486cc6ae6
-
SSDEEP
49152:7vElL26AaNeWgPhlmVqvMQ7XSKnCn1J6eoGdSoTHHB72eh2NT:7vkL26AaNeWgPhlmVqkQ7XSKnCx
Malware Config
Extracted
quasar
1.4.1
Office04
nexosmith1231-54169.portmap.host:54169
607f231f-37d7-40a6-8790-f623e2b7c3d5
-
encryption_key
57AD3106034C3A8FFC913D430F88F63E17B5BC5D
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
dfsdf.exe
-
Size
3.1MB
-
MD5
44aaa2c8fd4f8705bed96d6e4cf0ab85
-
SHA1
2ab7832577f3407c85da9fa894b7cd16f346003d
-
SHA256
f804bfcdfac2e6073dec8bf16d5665ce74bc45aafcd91603d0f540612a247268
-
SHA512
9734659ceb894941e7fce2760d46ca2019bd5a2a26f164a16c0dc0695fb42ae9161093843a4bc78dd46205f90d1692436e8580392d11180bf1792ab486cc6ae6
-
SSDEEP
49152:7vElL26AaNeWgPhlmVqvMQ7XSKnCn1J6eoGdSoTHHB72eh2NT:7vkL26AaNeWgPhlmVqkQ7XSKnCx
-
Quasar payload
-
Executes dropped EXE
-