General

Target: Celestial.exe
Size: 3.1MB
Sample: 240630-j3gz9sycnm
MD5: 12bdd4b4c107fc3ffec7f9b29d7d6a93
SHA1: 04bb395848578e22cef0c90215463e4efe4965c3
SHA256: af454978c652f9acb95b7c2f45d41ee0ba7923d6e3b3f554af853ef9efff9440
SHA512: ff4a2c42ac1fed5421955a949cf28c9abb714484bb68259f160516d10a7a179cc6e6327ab2fc2f099ba51a98b25fa5f41ea2af4f3815159e1ce7f75a698b8251
SSDEEP: 49152:nv6lL26AaNeWgPhlmVqvMQ7XSKZkxNESElk/iULoGdldTHHB72eh2NT:nviL26AaNeWgPhlmVqkQ7XSKGxsa
Malware Config

Extracted
Family: quasar
Version: 1.4.1
Office04
147.185.221.19:33365
ba5220e2-c4e8-4381-aad8-a85115ef955e
encryption_key: 67C139F3E9A16FF8132A3DCF42197B8BA3C38609
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Miicrosoft Securiity
subdirectory: Miicrosoft Securiity
Targets

Target: Celestial.exe
Size: 3.1MB
Signatures:
- Quasar payload
- Executes dropped EXE