General
Target: a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5
Size: 289KB
Sample: 220201-p39m6shgf7
MD5: b95383c1150c479a59510aa1d8b34dfa
SHA1: 369de7d721168d483111783cc2cfaa6f28e04a15
SHA256: a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5
SHA512: c96c47e570caeb12bf5459fca7422a69626e1a57e45c6a9fb3f09d66a4f9effada3c639e8972d29ab8a7414ec1a7767b8a2f5ba795a78658092a0c45dec89bee
Behavioral task
behavioral1
Sample: a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5.exe
Resource: win7-en-20211208
Malware Config
Extracted
quasar
1.4.0.0
Infected
noinmy.ddns.net:9999
BW7JOTpOU1me7DhAhz
encryption_key: cuGnTFdzZchzOboCjJyu
install_name: dashost.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: WinServe
subdirectory: DAF
Targets
Target: a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5
Quasar Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.