General
Target: payload.exe
Size: 360KB
Sample: 240628-mfylaavaje
MD5: 0d347ef94018fa95cb30820ce61f0d45
SHA1: ac953981f20f323b3a6148951dbc441608bdf5b9
SHA256: f8e9936d8d5c19cc1eecf7175004f5223355d598e4834cb07cf2d03e0ae7aff4
SHA512: 43db5307590fffd7cb5e9f8f36e9a9785054f6186cc001f00de10e1c60e7a766a74967d90e69764105283a6a0d6bdb0d81b3b4a231058defe925d5b7a6ab6ea0
SSDEEP: 6144:7jeBu0ndSdYCX6+9E8KgmYWfcpJuaeMBaYSi+neTg23J+y:7cndSdYY6+9E8KgmYWfsJEy
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Office04
127.0.0.1:4782
b04ba2ce-b74d-409a-9f5c-bdaffe1644ec
encryption_key: 3C410D3A0BD1E76F9F4B11AD742F61FAE2E183E6
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: payload.exe
Size: 360KB
Quasar payload