General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240629-tzjd2athln
-
MD5
c5807c538665509c9c44356cd82a785d
-
SHA1
e97dd1a36a23ab468a2002f2c7ebc62c1e68f240
-
SHA256
cf12af32289d5d1913e941419e809fb0d8bb24ba17adc1b6e108075acce35d1f
-
SHA512
5bfa426685a5973b09ab550dd035921251061974b1e442307fd8dd858d2796f803c9f4be22ef4e9ccd233015c45b88e9088890d351bcd3188dada33cbdd54cd7
-
SSDEEP
49152:uvnI22SsaNYfdPBldt698dBcjH6fPR3XoGdfjRTHHB72eh2NT:uvI22SsaNYfdPBldt6+dBcjH63Rn
Malware Config
Extracted
quasar
1.4.1
zzzz
4.tcp.ngrok.io:16868
116e2822-047d-4b5c-ad10-563148a1a28e
-
encryption_key
C366BC97216329D1909524412E3ECB1EBC575D07
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
c5807c538665509c9c44356cd82a785d
-
SHA1
e97dd1a36a23ab468a2002f2c7ebc62c1e68f240
-
SHA256
cf12af32289d5d1913e941419e809fb0d8bb24ba17adc1b6e108075acce35d1f
-
SHA512
5bfa426685a5973b09ab550dd035921251061974b1e442307fd8dd858d2796f803c9f4be22ef4e9ccd233015c45b88e9088890d351bcd3188dada33cbdd54cd7
-
SSDEEP
49152:uvnI22SsaNYfdPBldt698dBcjH6fPR3XoGdfjRTHHB72eh2NT:uvI22SsaNYfdPBldt6+dBcjH63Rn
-
Quasar payload
-
Legitimate hosting services abused for malware hosting/C2
-