General
Target: loader(1).bat
Size: 6KB
Sample: 240630-a7wjsa1bpa
MD5: dd28cb17a1e4540852af1452696640d0
SHA1: d4a954bc2fbae13ad5b0f8f78ea13714a8a00a39
SHA256: 0da69bfe85133738cfcd24c9381baeb0ff3c849b5fa995171407cc4a9ef1626b
SHA512: e9ad278709c73dcc0a136de9ab275a4506ef812d530eb27b6620738321261e6f41540c163b2d7d8ed4844df96ecf7970001f561b0f225a71532f13d3896701cd
SSDEEP: 192:B+Y+L2cE8Wc/Dz+KH32ywmC4cRpmVZfE1XzHxl/JXhCdyNhA:UE8Wc/DztH32y7C4Qp/lzRl/JXhDNhA
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Office04
127.0.0.1:4782
b04ba2ce-b74d-409a-9f5c-bdaffe1644ec
encryption_key: 3C410D3A0BD1E76F9F4B11AD742F61FAE2E183E6
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: loader(1).bat
Quasar payload
Blocklisted process makes network request