General
-
Target
Client-Built.exe
-
Size
3.1MB
-
Sample
240630-vx364a1ejg
-
MD5
a83d80a0db9a509be7acfa3c7ba9a066
-
SHA1
6e3c59fc948ae86e8d2d38e42b232e397f40bc48
-
SHA256
6bc733f11af6d7dce26816caa4e0bfba8f72db07c997b043619186a2e85589ed
-
SHA512
eaef06a27315caf66127a0024831444ba85c621f50b73ba31c105fc0987902214226c83fbec005de3c0603d0bfff00516a44d63a64cd4301abb3fc2967bd1c99
-
SSDEEP
49152:bvzlL26AaNeWgPhlmVqvMQ7XSKmAu4WDfR9YoGdfTrNGTHHB72eh2NT:bvpL26AaNeWgPhlmVqkQ7XSKmf4jv
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.177:4782
fd713a2a-810e-4800-b077-4b0e564f16e9
-
encryption_key
6B559FBA33993D944FD324F1D59D7F6E5BD04C2E
-
install_name
WaveKeysGenrator.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
RATS
Targets
-
-
Target
Client-Built.exe
-
Size
3.1MB
-
MD5
a83d80a0db9a509be7acfa3c7ba9a066
-
SHA1
6e3c59fc948ae86e8d2d38e42b232e397f40bc48
-
SHA256
6bc733f11af6d7dce26816caa4e0bfba8f72db07c997b043619186a2e85589ed
-
SHA512
eaef06a27315caf66127a0024831444ba85c621f50b73ba31c105fc0987902214226c83fbec005de3c0603d0bfff00516a44d63a64cd4301abb3fc2967bd1c99
-
SSDEEP
49152:bvzlL26AaNeWgPhlmVqvMQ7XSKmAu4WDfR9YoGdfTrNGTHHB72eh2NT:bvpL26AaNeWgPhlmVqkQ7XSKmf4jv
-
Quasar payload
-
Executes dropped EXE
-