General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240627-18pqqstgqb
-
MD5
dc2017d875a294af1881e553b11b8717
-
SHA1
40b4ab857db967b61d4708943f157f248c49b844
-
SHA256
5605c73c546e1dc58135d9f966e449d4acf0e791f4095989f4b746522e726f27
-
SHA512
faf2982b82dade07c2c88425bdc8f77ee4ee6e28d850f612db7e370547afd2c6337b6cc5b0087685a199e1e83d6666fcaae0109aa89bf6ea4ca2d150b9972262
-
SSDEEP
49152:PvEt62XlaSFNWPjljiFa2RoUYIkdyRfDKoGdf+THHB72eh2NT:PvY62XlaSFNWPjljiFXRoUYIkdyRfm
Malware Config
Extracted
quasar
1.4.1
Office04
0.tcp.eu.ngrok.io:12165
fbfe2df1-f4ca-4d07-920f-4075f27bc8a1
-
encryption_key
B22432E943AA88394E5F97387369DCA7D8B67608
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
system 32
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
dc2017d875a294af1881e553b11b8717
-
SHA1
40b4ab857db967b61d4708943f157f248c49b844
-
SHA256
5605c73c546e1dc58135d9f966e449d4acf0e791f4095989f4b746522e726f27
-
SHA512
faf2982b82dade07c2c88425bdc8f77ee4ee6e28d850f612db7e370547afd2c6337b6cc5b0087685a199e1e83d6666fcaae0109aa89bf6ea4ca2d150b9972262
-
SSDEEP
49152:PvEt62XlaSFNWPjljiFa2RoUYIkdyRfDKoGdf+THHB72eh2NT:PvY62XlaSFNWPjljiFXRoUYIkdyRfm
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-