General
-
Target
WyvernnLoader.bat
-
Size
1.6MB
-
Sample
240616-gsxa4ascpd
-
MD5
397a1739c93194c4092d5eeb9c158293
-
SHA1
3ab74dec8b50232a656de55ccc172136daf89eb5
-
SHA256
96c3bc130731c3894c3f1228be0ac7a79ffb75f3caa6e0148c840477b3485eca
-
SHA512
0c708534fe11954f2ac2b89d9f5128809791740aafaf9c9017fe83d14c576f571807f7e214db9c0f7a4abf7ac2e6fb771dd7c905730d63d6c487790431751ff8
-
SSDEEP
24576:ZYv/6AqKnD17yPXF5olmY/r3BckOw3nIW6gfa9bX4LISC8qcOWkwThCSjjG+TOoq:GSm1efY2kN3IW6P9MZJQ
Static task
static1
Behavioral task
behavioral1
Sample
WyvernnLoader.bat
Resource
win7-20240611-en
Malware Config
Extracted
quasar
1.4.1
Office04
147.185.221.18:18043
b70563dc-1a4b-4e44-8c78-87c8f325342d
-
encryption_key
211206313CE42AACEA301C4CAC6CB50A5128C03B
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
Management
Targets
-
-
Target
WyvernnLoader.bat
-
Quasar payload
-
Blocklisted process makes network request
-