General
-
Target
New folder.zip
-
Size
13.3MB
-
Sample
240630-ngvfpaxanb
-
MD5
1694ee8a09ebbe56390c44bae9307406
-
SHA1
0f1886e199b60d9abd87e786e49f8a0557031052
-
SHA256
7aa6c2e38366d1b553ce56e67f35cfa687e4ba0f7c3eaa404f5ba2449af9fbe5
-
SHA512
8417fa25bd4769e747e539804c92223ae88c1879a8c9f3aad5e3a2f990db47d1cf319f3777cffc259fe6bff0312664f8621434419fc427d67aafdc56aa834c18
-
SSDEEP
393216:0PfDzPD8hpXYoKMFJ4PT61E0WTTPuRr0r1+:0Pf/PY7MPTd0WTatw1+
Behavioral task
behavioral1
Sample
New folder.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
New folder.zip
Resource
win11-20240508-en
Behavioral task
behavioral3
Sample
New folder/Client-built - Copy.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral4
Sample
New folder/Client-built - Copy.exe
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
New folder/hamachi.msi
Resource
win10v2004-20240226-en
Behavioral task
behavioral6
Sample
New folder/hamachi.msi
Resource
win11-20240508-en
Malware Config
Extracted
quasar
1.4.1
Office04
10.240.115.45:4782
2cc201c7-b02e-4a34-8806-aa9a8d33ae2d
-
encryption_key
64024FEFC383421D2550E88D4DBE252B6BA53116
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
Target
New folder.zip
-
Size
13.3MB
-
Score
1/10
-
Target
New folder/Client-built - Copy.exe
-
Size
3.1MB
-
MD5
f3802bd8f99e5c9ca6c04a7addc2d0d8
-
SHA1
96c6b9feffe04c5fbefc48802ac0635f596c6a33
-
SHA256
6dc99f25c5f794d14323fa2ed8ec891ea2fd81c359d676052574585471984d06
-
SHA512
5eb55bf1c70c40124a4d4df4c20ece52d6ed060c874c01f1fe4b130056edead2dad3a3dd919a487f2dec03d7e5e684883770c48e53932ac7c44b8ab03dbb84ce
-
SSDEEP
49152:OvjI22SsaNYfdPBldt698dBcjHAd19LoGdGTHHB72eh2NT:Ovc22SsaNYfdPBldt6+dBcjHAd11
-
Quasar payload
-
Executes dropped EXE
-
Target
New folder/hamachi.msi
-
Size
13.7MB
-
MD5
909db4061c32f798e94d746717782444
-
SHA1
10f5ffff17d2dd4476686a941a7bcc5f9b83b1b8
-
SHA256
6ee98db32852a2ff31a969d918bb7c730950bb15f24ea1baf996697cebc8b9fa
-
SHA512
44e7f97b27aef2e4cb62a6a0ebab5033b99e1ec940f231eda416f3b68d83df81d10950a8ced2ca528024adecd1dea7e1d4427e78b111edbc0124d7ffd6c1232d
-
SSDEEP
196608:cp/8gF8Li2aauOgsgJ9RSfD3G43O+WFoy1jNDVxJBQHhIO4E46uVwOXsHoHybhLf:O/382agT9RK73O+kN3JSHuy46inqUMC
Score
6/10
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-