General

Target: Temp-WooferV4.exe
Size: 9.3MB
Sample: 240622-t2seqayeqm
MD5: 8bd99debc255e40897756021683bdfe9
SHA1: a000a6dad9ca23548f87d7f306a63e2f5f64ada1
SHA256: f0381c1a7c34cbb1b412a0bae5ea964b8ab99909ce69c860eeb7f42572974074
SHA512: 4b8ac0f0a5786b4d9f90866405f201e9b67a3c603ff9fdca2d9d95a0bfb851a684524c05914b80fc2ca80a92e37d2dc2623d879d3885e5e90deeb7271bc95b01
SSDEEP: 196608:OTdY36G7nfXYEOshoKMuIkhVastRL5Di3unSE71D7JY:+dY3drOshouIkPftRL54XARJY
Behavioral task: behavioral1

Sample: Temp-WooferV4.exe
Resource: win7-20240611-en
Malware Config

Extracted: quasar
1.4.1
Office04
192.168.0.141:4782
ca9981fb-bc19-47a5-946e-2376fcf6334c
encryption_key: 7D7FE45F9E650A16A4C100F9ADAAA1670E769835
install_name: Windows Defender.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Windows Defender
subdirectory: SubDir
Targets

Target: Temp-WooferV4.exe
Size: 9.3MB
MD5: 8bd99debc255e40897756021683bdfe9
SHA1: a000a6dad9ca23548f87d7f306a63e2f5f64ada1
SHA256: f0381c1a7c34cbb1b412a0bae5ea964b8ab99909ce69c860eeb7f42572974074
SHA512: 4b8ac0f0a5786b4d9f90866405f201e9b67a3c603ff9fdca2d9d95a0bfb851a684524c05914b80fc2ca80a92e37d2dc2623d879d3885e5e90deeb7271bc95b01
SSDEEP: 196608:OTdY36G7nfXYEOshoKMuIkhVastRL5Di3unSE71D7JY:+dY3drOshouIkPftRL54XARJY

- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Hide Artifacts: Hidden Files and Directories