General
-
Target
smss.exe
-
Size
3.1MB
-
Sample
240621-hhhkmazenc
-
MD5
bf04688e0d33e2a1b305c5cfe9dae94d
-
SHA1
ee3924572b0ae9a0534e1c1e632fca12ea944f73
-
SHA256
b088c1a59ca35c08c61fcbf4879c025177c1a46d34be546b031d82a478b6291a
-
SHA512
e4917c80ebf40bcf5ad40c51f38e7c3b74d35be7b9a656c4592fed6d8c4f5b6d3f22eb694d4ecb37f5d5cbe0bf881a4ad3134576244e7d6f7e4655f86d7b29e3
-
SSDEEP
49152:DvilL26AaNeWgPhlmVqvMQ7XSKNT+ICoGdwaTHHB72eh2NT:DvaL26AaNeWgPhlmVqkQ7XSKNT+j
Malware Config
Extracted
quasar
1.4.1
Office04
carolina-reverse.gl.at.ply.gg:34609
255a7afd-a9a3-4b9f-b4bc-647ca1724a1a
-
encryption_key
524892BD8A433CE8E6A342E36737F573CEF5D252
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
smss.exe
-
Size
3.1MB
-
MD5
bf04688e0d33e2a1b305c5cfe9dae94d
-
SHA1
ee3924572b0ae9a0534e1c1e632fca12ea944f73
-
SHA256
b088c1a59ca35c08c61fcbf4879c025177c1a46d34be546b031d82a478b6291a
-
SHA512
e4917c80ebf40bcf5ad40c51f38e7c3b74d35be7b9a656c4592fed6d8c4f5b6d3f22eb694d4ecb37f5d5cbe0bf881a4ad3134576244e7d6f7e4655f86d7b29e3
-
SSDEEP
49152:DvilL26AaNeWgPhlmVqvMQ7XSKNT+ICoGdwaTHHB72eh2NT:DvaL26AaNeWgPhlmVqkQ7XSKNT+j
-
Quasar payload
-