General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240629-njnqxszbnq
-
MD5
38156fe138e7373db14d986ee33d4ea8
-
SHA1
caf166611971c6a8352b22eede79cea92aa344b8
-
SHA256
dd0613d4b34cf59b2ea9a3a0a9f4ce1c02dd0601c0240f61e2b980e16c42667a
-
SHA512
ebcca06582347877ff1b6da58400b3682d998d1b223eb49cc93d4da523c70dc26a1cc4f1ccb1081d7295a1b9906417b78b0d63c685bc93d9ac7db517ddc5d241
-
SSDEEP
49152:SvnI22SsaNYfdPBldt698dBcjH0H4oNbRvLoGddTHHB72eh2NT:SvI22SsaNYfdPBldt6+dBcjH0Yov
Malware Config
Extracted
quasar
1.4.1
TESTIP
8.tcp.ngrok.io:15015
7a69ad86-36ff-45e8-ba4b-800fbf776712
-
encryption_key
562515CBE0241F4FD48C91375ED3063F997D8AEE
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
38156fe138e7373db14d986ee33d4ea8
-
SHA1
caf166611971c6a8352b22eede79cea92aa344b8
-
SHA256
dd0613d4b34cf59b2ea9a3a0a9f4ce1c02dd0601c0240f61e2b980e16c42667a
-
SHA512
ebcca06582347877ff1b6da58400b3682d998d1b223eb49cc93d4da523c70dc26a1cc4f1ccb1081d7295a1b9906417b78b0d63c685bc93d9ac7db517ddc5d241
-
SSDEEP
49152:SvnI22SsaNYfdPBldt698dBcjH0H4oNbRvLoGddTHHB72eh2NT:SvI22SsaNYfdPBldt6+dBcjH0Yov
-
Quasar payload
-
Legitimate hosting services abused for malware hosting/C2
-