General
Target: Remote.exe
Size: 3.1MB
Sample: 240630-vwdj2svbpn
MD5: 875d3550ed90decbd5188e1d2cc961c0
SHA1: b067c399f32873bfb4d16524a87d17196c6a070b
SHA256: 65914f9dcfa1f7e81859a9e042ee84b549bde879180d4eea3eb7fe4f50b73097
SHA512: c7799194bbebba17ce32765416ed75a996a29c9694191e6cc89966fa10a9675cafef26867320fabfbb21a851f4ee261b99b260aa0c4f5ee359fcd128a71c13fa
SSDEEP: 49152:HviI22SsaNYfdPBldt698dBcjHEKRJ6zbR3LoGdqTHHB72eh2NT:Hvv22SsaNYfdPBldt6+dBcjHEKRJ6l
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.1.150:4782
adc301f6-35ca-4636-b286-ad2aef63f877
encryption_key: 54B7AB1A151267275EF24D335CE7E3B6ABDDC53E
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Windows Updater Services
subdirectory: SubDir
Targets
Target: Remote.exe
Quasar payload
Executes dropped EXE
Drops file in System32 directory