General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240707-p56djavfja
-
MD5
1c255f2917eb4c3309c6a97183398ad9
-
SHA1
6ea2e5e97483d6ce2735d61ec0b427040ba086cb
-
SHA256
78d2d801efd63e4568b3e4b532ad50a2819a41aebbd4a65d09893654ee4e6ebf
-
SHA512
c7d7175e65a0cd0fe1ca256d06385fa9d104e8d59941860b42ffae7e10b0fb02f55dc296b908b123d268bae73e319f354abf2b9b9565791f47a22f732fd85d1c
-
SSDEEP
49152:6vFt62XlaSFNWPjljiFa2RoUYIbRX0MmZILoGUyTHHB72eh2NT:6v362XlaSFNWPjljiFXRoUYIdX0i
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.48:4782
878b2fb4-192c-4f50-ae38-0881a431b12f
-
encryption_key
DB1FE6851C4D98E11497D9AF06379F8966EC065A
-
install_name
JavaUpdater.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
JavaUpdater
-
subdirectory
Java
Targets
-
Target
Client-built.exe
-
Quasar payload
-
Executes dropped EXE
-