General
-
Target
ARC.exe
-
Size
3.1MB
-
Sample
240623-r3fq7svcjh
-
MD5
b7d46680cfdf6f6eb8975b917ebc247b
-
SHA1
024e3fcc6ab0d6c4eb1b9c8cce6f2d9acc341ce2
-
SHA256
0bee76d8a4d71ea7549639ebee593d3b1ef8e57d958b4f248668d3aa5e3dd810
-
SHA512
fadf39b5ee1a89257a940202038363866793e5d8a7e1256563f09177735cb2fd715fd0a0bcfcca6aed679d7b11a302022e9fc4ab53df264383a5b15eed53fa4f
-
SSDEEP
49152:bv2I22SsaNYfdPBldt698dBcjHo75D1vHLoud58NTHHB72eh2NT:bvb22SsaNYfdPBldt6+dBcjHo75R1
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.4.84:4782
c297f8b7-0f1f-4701-b622-6cffabd13dfa
-
encryption_key
54FD30A1784C7771340BE35C5F3402E09B0E8FCC
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
ARC.exe
-
Quasar payload
-
Executes dropped EXE
-