General
Target: 5a1c61fc913ba7293c85c7b4ad28e88f1683ec2158897eab5a5212d4059ab959
Size: 3.1MB
Sample: 240630-1pwd6szdqr
MD5: 4f107e95a9c20b41ef4e602ec661d3f1
SHA1: 429db6828d2152b818f5db9f0574e867dcaf2f6b
SHA256: 5a1c61fc913ba7293c85c7b4ad28e88f1683ec2158897eab5a5212d4059ab959
SHA512: b8bc51d250bd443347a52211b4bb1075c8a7b89d3e190d0efd093b3f74e7d2e2c041eaea62798484ab0a9d7da4a81c62f42172b6dacd190bd5a54de706b75f13
SSDEEP: 49152:avkt62XlaSFNWPjljiFa2RoUYI6se2ErsSk/uhaoGdS/THHB72eh2NT:av462XlaSFNWPjljiFXRoUYI6seP8i
Behavioral task
behavioral1
Sample: 5a1c61fc913ba7293c85c7b4ad28e88f1683ec2158897eab5a5212d4059ab959.exe
Resource: win7-20231129-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.217:4782
3945cd6c-7a48-4953-891b-b572e6546d28
encryption_key: 0424D13FAB664773413CCE167A339263D182142D
install_name: Sigma.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Javaxxx
subdirectory: SubDir
Targets
Target: 5a1c61fc913ba7293c85c7b4ad28e88f1683ec2158897eab5a5212d4059ab959
Size: 3.1MB
MD5: 4f107e95a9c20b41ef4e602ec661d3f1
SHA1: 429db6828d2152b818f5db9f0574e867dcaf2f6b
SHA256: 5a1c61fc913ba7293c85c7b4ad28e88f1683ec2158897eab5a5212d4059ab959
SHA512: b8bc51d250bd443347a52211b4bb1075c8a7b89d3e190d0efd093b3f74e7d2e2c041eaea62798484ab0a9d7da4a81c62f42172b6dacd190bd5a54de706b75f13
SSDEEP: 49152:avkt62XlaSFNWPjljiFa2RoUYI6se2ErsSk/uhaoGdS/THHB72eh2NT:av462XlaSFNWPjljiFXRoUYI6seP8i
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Executes dropped EXE