General
-
Target
3a52e34c074990eee6ed67e3237c4c9c.bin
-
Size
1.2MB
-
Sample
240625-cbdefaxgjk
-
MD5
d4b991f98342b192e0aaa81ef8f92e6e
-
SHA1
0a5ed09dceb56c82ef31aaee8c16465f8cfe4c3b
-
SHA256
f0ee02f93d715a6dbc3f16bfe075c7617a0c69049fbae0959c3d5797d4a999a1
-
SHA512
9c72c23f4aaca77e67297c0fb186b6e636bcb6c44e22ffd0013655b29237c4f626f6081797e50e591064996054ba14132651a5ea9b8f1c449be5dfb9dbd439d7
-
SSDEEP
24576:isR/KnG+XDQ03KgQdr74Zs9N7r+JeoRaNxEhZ/dKlD4tk8YJVG5h3CaYQd6QdNv6:iq/KnFDQCo2s9N7XWKEhhwlWNwgNCaYJ
Behavioral task
behavioral1
Sample
a451e748bc1e4c05bdaa722b35a5f6dd1a78765ac8967187a61b846f819c8bf6.exe
Resource
win7-20240419-en
Malware Config
Extracted
quasar
1.4.1
Office04
94.228.166.40:4782
172a89d7-b9b2-4d82-b5ed-6beb5326f544
-
encryption_key
7970C2029EDBB83E6BD65073BE18684AC9FF3F48
-
install_name
KR6nDu9fLhop1bFe.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
defender.proces
-
subdirectory
SubDir
Targets
-
-
Target
a451e748bc1e4c05bdaa722b35a5f6dd1a78765ac8967187a61b846f819c8bf6.exe
-
Size
3.1MB
-
MD5
3a52e34c074990eee6ed67e3237c4c9c
-
SHA1
b7df84535c4d8002cdd7675866617cf9884455c6
-
SHA256
a451e748bc1e4c05bdaa722b35a5f6dd1a78765ac8967187a61b846f819c8bf6
-
SHA512
1553aa7e90b404f715c9b025937da6a4941fd287de9a69afe52e970731c48b3a6e62ae898a4e16164fa57e20183ff86999b37c7ff9c9f77fa0a85bce3916b19c
-
SSDEEP
49152:MvHI22SsaNYfdPBldt698dBcjHuZvgGoGnVvTHHB72eh2NT:Mvo22SsaNYfdPBldt6+dBcjHuZvF
-
Quasar payload
-
Executes dropped EXE
-