General
Target: 7411c8d36761ca9edc88373cfc7a3cb7.exe
Size: 347KB
Sample: 211222-xgzvvagfdk
MD5: 7411c8d36761ca9edc88373cfc7a3cb7
SHA1: 8b31d6b61ee03da19817d3ffd59c0aa41ef32d81
SHA256: 5ab1aac03c053e025319aac9bbe317a163d56bf4657819c6a43ffb97099ec322
SHA512: 37f29a792ca641f29144032575f7f42ced5345c541cbdad33e935ef7b5b70d6b5623196596587be95ef00a86a58d604c295c1fcc4a9b159b80cc273fe1623342
Behavioral task
behavioral1
Sample: 7411c8d36761ca9edc88373cfc7a3cb7.exe
Resource: win7-en-20211208
Malware Config
Extracted
quasar
1.3.0.0
SUCCESS
jerenyankipong.duckdns.org:4782
MUTEX_jh9iPmixBt74IpSqEj
encryption_key: uO9yacYVMmi8921rParX
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: cmd
subdirectory: SubDir
Targets
Target: 7411c8d36761ca9edc88373cfc7a3cb7.exe
Size: 347KB
Quasar Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-