General
Target: a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1
Size: 1.0MB
Sample: 210922-qk4vmscgd7
MD5: d9ae9f8e6be0c1d7c70a1d1b86f44a8c
SHA1: 1564057c68ed04ffe76aa192e867ed40cd868840
SHA256: a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1
SHA512: d13a512177f86e9a3de60c6b525175005870d5c1536f9e2af80da0c881314d3833b7140e777c65950d71053907f4608237f595490372e5e003fc9c3925786e2b
Static task: static1
Behavioral task: behavioral1
Sample: a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1.exe
Resource: win7-en-20210920
Malware Config
Extracted: quasar
2.8.0.1
Venom Client
192.168.0.149:4455
PNMCyu2XSzVny0gdTw
encryption_key: aPDdCEtQpHs1yTAHJZ1B
install_name: Venom.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Venom Client Startup
subdirectory:
Targets
Target: a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1
Size: 1.0MB
MD5: d9ae9f8e6be0c1d7c70a1d1b86f44a8c
SHA1: 1564057c68ed04ffe76aa192e867ed40cd868840
SHA256: a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1
SHA512: d13a512177f86e9a3de60c6b525175005870d5c1536f9e2af80da0c881314d3833b7140e777c65950d71053907f4608237f595490372e5e003fc9c3925786e2b
-
Quasar Payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext