General
-
Target
cwel.exe
-
Size
3.1MB
-
Sample
240629-w1czrawcrp
-
MD5
f57c5f27d07315ed82dbb08b6e652c11
-
SHA1
0c2411ec67b8f5457a36615f452091fa9fde834a
-
SHA256
89fbe8fb43f3984f60bfedeae4cace3b4789351ab26ebbfba4c86a2b846ef2e9
-
SHA512
a776ff65e4091531aa40534b0ab048be3552c45c1b7e684bcf8cbbd3c25df48e1c62ae50c91027db9a7e54dc9d87c084467f8feb84054ddeac18edb72bea2282
-
SSDEEP
49152:DvLlL26AaNeWgPhlmVqvMQ7XSKXtmbmzJxoGdrXBLTHHB72eh2NT:DvxL26AaNeWgPhlmVqkQ7XSKXtmM
Malware Config
Extracted
quasar
1.4.1
Office04
pringelsy-48617.portmap.host:48617
47a4883d-5fa4-4ba1-82ac-9e7264eb80ac
-
encryption_key
49AD8030FAA6FACCE440328D691DA1A8FD6FDA5C
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
cwel.exe
-
Size
3.1MB
-
MD5
f57c5f27d07315ed82dbb08b6e652c11
-
SHA1
0c2411ec67b8f5457a36615f452091fa9fde834a
-
SHA256
89fbe8fb43f3984f60bfedeae4cace3b4789351ab26ebbfba4c86a2b846ef2e9
-
SHA512
a776ff65e4091531aa40534b0ab048be3552c45c1b7e684bcf8cbbd3c25df48e1c62ae50c91027db9a7e54dc9d87c084467f8feb84054ddeac18edb72bea2282
-
SSDEEP
49152:DvLlL26AaNeWgPhlmVqvMQ7XSKXtmbmzJxoGdrXBLTHHB72eh2NT:DvxL26AaNeWgPhlmVqkQ7XSKXtmM
-
Quasar payload
-
Executes dropped EXE
-