General
-
Target
a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa
-
Size
348KB
-
Sample
220201-p3672sheeq
-
MD5
976abfeee6afe436cb09e480baa0f072
-
SHA1
460f1b15acf310a4a648b26c80efd21ebe94cac0
-
SHA256
a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa
-
SHA512
8c81efc4e102f9a66eb1626a126b59f21d37b277183c2364386988fc53e6fd07f08a2d730c9f45aa43619ec551dcf53b663bfe470998ac187df422feb0d274c1
Behavioral task
behavioral1
Sample
a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa.exe
Resource
win7-en-20211208
Malware Config
Extracted
quasar
1.3.0.0
Ps
45.74.53.124:4782
s5v8y/B?E(H+MbQeThWmZq3t6w9z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgV
-
encryption_key
sEybIz3EK3xXIpG2z1h2
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
0
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
Quasar Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-