General
Target: loader.bat
Size: 2KB
Sample: 240629-2cl6eaxhla
MD5: 337cfcf36634c573c615b9d86ac21a8b
SHA1: c840474cd8f10bfa82165f21f97359ac29cb06fb
SHA256: 2e1e7479498f263156ce8f1a4d5760cf35a28f3e102b652e2dcc15ce60cdaf89
SHA512: 3c454364f5841bc6c87a96f70179620a717e8baeec83ce3e7f04d46be1d65c84281c5a634c136585a3b33e0321c515559961482a33cdcdf0fbee7a539f7b4a01
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Office04
127.0.0.1:4782
b04ba2ce-b74d-409a-9f5c-bdaffe1644ec
encryption_key: 3C410D3A0BD1E76F9F4B11AD742F61FAE2E183E6
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: loader.bat
Quasar payload
Blocklisted process makes network request