General
-
Target
fee.exe
-
Size
3.1MB
-
Sample
240629-t21fbs1eja
-
MD5
c7019bdd8633d251d4cb882ad7ed660b
-
SHA1
ae597e52309ccc880c12a07ffd3198a4d5b44c94
-
SHA256
1850845c867a7b02ba9be9a2368d77d026288f74d3a4746db06e8a1e5914be0a
-
SHA512
632899d91ead3ef99efeec2fa5c8b16dcd5ae9c7db24b28132971e130438c22d85df1abb68411244aec113b34804e0535f0311e31af2b12f519b819c1297fca9
-
SSDEEP
49152:KvnI22SsaNYfdPBldt698dBcjHSLRJ6ybR3LoGdpTHHB72eh2NT:KvI22SsaNYfdPBldt6+dBcjHSLRJ6s
Malware Config
Extracted
quasar
1.4.1
zzzz
8.tcp.ngrok.io:14734
116e2822-047d-4b5c-ad10-563148a1a28e
-
encryption_key
C366BC97216329D1909524412E3ECB1EBC575D07
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
fee.exe
-
Size
3.1MB
-
MD5
c7019bdd8633d251d4cb882ad7ed660b
-
SHA1
ae597e52309ccc880c12a07ffd3198a4d5b44c94
-
SHA256
1850845c867a7b02ba9be9a2368d77d026288f74d3a4746db06e8a1e5914be0a
-
SHA512
632899d91ead3ef99efeec2fa5c8b16dcd5ae9c7db24b28132971e130438c22d85df1abb68411244aec113b34804e0535f0311e31af2b12f519b819c1297fca9
-
SSDEEP
49152:KvnI22SsaNYfdPBldt698dBcjHSLRJ6ybR3LoGdpTHHB72eh2NT:KvI22SsaNYfdPBldt6+dBcjHSLRJ6s
-
Quasar payload
-
Legitimate hosting services abused for malware hosting/C2
-