General

Target: 1914a2c8d1589d346dec86208bbbee37.exe
Size: 502KB
Sample: 210806-lywj1cbh5s
MD5: 1914a2c8d1589d346dec86208bbbee37
SHA1: c9f854cb866fc0dfa54ad4438fb1e3479a9a384e
SHA256: a725bb8800499239e18eb3973b4c4371214e8da4efb12108ac42957a3819572b
SHA512: fb7c411b9aa69deb8ac2660846a555e3bc2481dea13b858f1aa214a67160f02eb205dd08e84c6867c06deddca00ca562c938e2f667e05faac67adfcd9385799c
Behavioral task: behavioral1

Sample: 1914a2c8d1589d346dec86208bbbee37.exe
Resource: win7v20210410
Malware Config (extracted)

quasar
1.4.0
test1
166.62.33.218:6624
b2e23ea3-acf2-4226-ae2a-ae57e85e6e82
encryption_key: C8BFD012DB4B42D492F03E53D34F6E70BFC0E813
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets

Target: 1914a2c8d1589d346dec86208bbbee37.exe
Size: 502KB
MD5: 1914a2c8d1589d346dec86208bbbee37
SHA1: c9f854cb866fc0dfa54ad4438fb1e3479a9a384e
SHA256: a725bb8800499239e18eb3973b4c4371214e8da4efb12108ac42957a3819572b
SHA512: fb7c411b9aa69deb8ac2660846a555e3bc2481dea13b858f1aa214a67160f02eb205dd08e84c6867c06deddca00ca562c938e2f667e05faac67adfcd9385799c
Quasar Payload
suricata: ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
Executes dropped EXE
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.