General
-
Target
39b139c752dbd05daa85f6183620febf
-
Size
3.3MB
-
Sample
210709-m4fbrzbksa
-
MD5
39b139c752dbd05daa85f6183620febf
-
SHA1
99fbb8be7f270400b4c49c943758f90f94a65ef5
-
SHA256
b43995d648b6e64824da5749a407029eae9feb84787266a4dae33f4c412ec661
-
SHA512
3c5bcb79740f6a146768452279378cabeb267abca15a9b75d04917a4b794a8d70e81b65ab73e6307f83515fac1433fa7426de2a5ccc2db42ec1cffd4d881dc00
Static task
static1
Behavioral task
behavioral1
Sample
39b139c752dbd05daa85f6183620febf.exe
Resource
win7v20210408
Malware Config
Extracted
quasar
1.3.0.0
Sys32
184.105.238.80:4782
QSR_MUTEX_IBj5UlCqsXE96x1jgF
-
encryption_key
mZfAUjkKkw53M41DGa6d
-
install_name
System32.exe
-
log_directory
Sys32Logs
-
reconnect_delay
3000
-
startup_key
System32
-
subdirectory
SubDir
Targets
-
Quasar Payload
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-