General
Target: Comprobante de pago.xls
Size: 109KB
Sample: 211023-f51cvadagl
MD5: 271ba3d36cd7425438355af48c600e20
SHA1: 4a7f399ac4e8420b73a8274003eac6a1ffc31fb0
SHA256: a1f309adfabcda9c7f1badc025f7756f7dd8ff9da3529dee09044df6e7d177df
SHA512: 33e842c5c2eefb7e40d8f651535539cc151460106407501b22eb50cc7af4347db8048238c4d9387c8c3ac5b9158a532ceb07d37c2dd269da6c68de726921faad
Static task: static1
Behavioral task: behavioral1
Sample: Comprobante de pago.xls
Resource: win7-en-20210920
Malware Config
Extracted
quasar
1.3.0.0
Criok
ildriendfrirotoi.zapto.org:61790
fruitingsuccess.ignorelist.com:61789
QSR_MUTEX_JS7TIscSksvJKrLXxw
encryption_key: 7RWfQmQNDJPIz1c1QtI1
install_name: Updater.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Windows Update
subdirectory: Windows
- Quasar Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext