{
	"id": "2dbda8d0-f7f1-47c1-b0fb-78531ad29f08",
	"created_at": "2026-04-06T00:18:19.486284Z",
	"updated_at": "2026-04-10T03:20:41.082029Z",
	"deleted_at": null,
	"sha1_hash": "4100887acf8bee547edb7b0f67345e43f94c6934",
	"title": "Quasar Chaos",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34199,
	"plain_text": "Quasar Chaos\r\nPublished: 2023-04-13 · Archived: 2026-04-05 23:08:11 UTC\r\nimport base64\r\nimport malduck\r\nfrom Crypto.Protocol.KDF import PBKDF2\r\nstring_data = 'muoBJw7vz107HYcI4tyRBz0XVW2kCA367J52yCDjuHUkVGWPKkpXUgV5Q1/s4HNhSAMJDhTJwYIa3MxqdMkg7A\r\nstring_data_b64 = base64.b64decode(string_data)\r\nstring_data_b64 = string_data_b64[32:]\r\niv = string_data_b64[:16]\r\nenc_data = string_data_b64[16:]\r\nkey_data = \"SM73jcn259KtoJ4uPciZ\"\r\niterations = 50000\r\nsalt = bytes([191,235,30,86,251,205,151,59,178,25,2,36,48,165,120,67,0,61,86,68,210,30,98,185,212,241\r\nkey = PBKDF2(key_data, salt, count=iterations)\r\nstrings = [\r\n\"3DaXS6MYqYL9Q/3WF/cPdbdoy2NggCqoSmasPYwzkPD389j4IoSZZVQHHz196cPEy2h4VSsjy7se22/++XH89w==\",\r\n\"U2MkYAPUljFBQRO9iIkRZVGmxS2mOB+3klWr1xcKn3OqiosSod4C8iKk+GmogWRVZ6xUFktvHtwFnyOxg+ZSLPjbO+3+OdrVI8o+\r\n\"1WvgEMPjdwfqIMeM9MclyQ==\",\r\n\"NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg==\",\r\n\"NX2L76Nud+1o8CF2fRs8qiHu4v2wb0E701jiqZNY+WP0X+oOZUuIpza8zsipPF550Uz4XlYTbeon9njxoQ2MBA==\",\r\n\"DQSIoMapurAvRyZWC74v/c0E7zcV+8LgDPpOmChR453N+Cj+6Fwipe5tbYPbhkpNhwf9hEy/78hh8qB6c1B3nw==\",\r\n\"p56HD6/EQvRGDzCuDAjko6aJqVPRc/Mug3q2bslOWAZN8H2n4vy8m3x0RtwAUXh5C6kG15y+qrvsfs2s4qJHQBdKg5BmNrg62Ync\r\n\"xf05S4o+UGg6gPS2slPSroORS4DLfYXnHiWz6VyhTQOpNKzIHxhEvDSTlPMFUIek3Wi3lCxroWOHJr9WeGvvHe6fxXcVPTWnPs4Y\r\n\"muoBJw7vz107HYcI4tyRBz0XVW2kCA367J52yCDjuHUkVGWPKkpXUgV5Q1/s4HNhSAMJDhTJwYIa3MxqdMkg7A==\",\r\n\"B0T3cryizrl4VOcnw40TDxor8c5ycs9chw7RjsLxM2h+rS/BlcPa2ZW4po/PpJXob3byyEj4GOuWUPn+M4Shcg==\"]\r\nfor s in strings:\r\n try:\r\n string_data_b64 = base64.b64decode(s)\r\n string_data_b64 = string_data_b64[32:]\r\nhttps://research.openanalysis.net/quasar/chaos/rat/ransomware/2023/04/13/quasar-chaos.html\r\nPage 1 of 2\n\niv = string_data_b64[:16]\r\n enc_data = string_data_b64[16:]\r\n out = malduck.aes.cbc.decrypt(key, iv, enc_data)\r\n print(out)\r\n except:\r\n pass\r\nSource: https://research.openanalysis.net/quasar/chaos/rat/ransomware/2023/04/13/quasar-chaos.html\r\nhttps://research.openanalysis.net/quasar/chaos/rat/ransomware/2023/04/13/quasar-chaos.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "DE",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://research.openanalysis.net/quasar/chaos/rat/ransomware/2023/04/13/quasar-chaos.html"
	],
	"report_names": [
		"quasar-chaos.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434699,
	"ts_updated_at": 1775791241,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4100887acf8bee547edb7b0f67345e43f94c6934.pdf",
		"text": "https://archive.orkl.eu/4100887acf8bee547edb7b0f67345e43f94c6934.txt",
		"img": "https://archive.orkl.eu/4100887acf8bee547edb7b0f67345e43f94c6934.jpg"
	}
}