General

Target: P03SkzED.exe
Size: 1.9MB
Sample: 240630-1fhfyszbnj
MD5: 8a1c6ab6aeeec522d4d2d483543cb6ad
SHA1: 9133c7c95c6639c85f5880d97bfa4187905735b7
SHA256: bd275a1f97d1691e394d81dd402c11aaa88cc8e723df7a6aaf57791fa6a6cdfa
SHA512: 86ca27ffa211847d772e2193540eb5da4ad8d6f8d62859cc86970b4053f6968521898ec63aafe4faaa30afbff513c12709bf46b917c5064de45398dab23fcd20
SSDEEP: 49152:gK2O5r4MM1BBE+qTSMBi9Rbpt/aaxJGC/0UhlHLomjqD:gK2O5rfMLByTSMBap9BxJG4zhlHU
Behavioral task

behavioral1
Sample: P03SkzED.exe
Resource: win10-20240404-en
Malware Config

Extracted: quasar
1.4.1
Moveit
193.142.146.212:4782
4b1cd0e7-d736-4aba-b4c8-067d2567b03d
encryption_key: E12B8859E2195F69A0C4E8D7025D91C844CB8B49
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets

Target: P03SkzED.exe
Size: 1.9MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above.)

- PureLog Stealer payload
- Quasar payload
- Adds Run key to start application
- Suspicious use of SetThreadContext