General
-
Target
tmp
-
Size
505KB
-
Sample
220302-dpm2gacfa2
-
MD5
56fdac38d6004e0bc5fb2d5c961322e2
-
SHA1
470111decd8883231c720a05eab77032e8b77250
-
SHA256
cd2a19b6db25d50aa3413300fe5d1183a082a388e9b12d47fbb6ef765e1c819a
-
SHA512
3c9f4534c275f09935dc38853e9733145ade98ef53cb4d6f7cd4d530d938c4e00117f995778d343285e3e2829fbceab3681e43772cff91fba7d41ba81c3a60dc
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-en-20211208
Malware Config
Extracted
quasar
1.4.0
new1
bigrussianfloppa.duckdns.org:1004
a8db07ed-e16a-4405-a04c-3980d567bfdb
-
encryption_key
49FAF85C97BB43AF1E641011D48AB0EBC58C478E
-
install_name
java.exe
-
log_directory
logz
-
reconnect_delay
300
-
startup_key
Java
-
subdirectory
JavaTools
Targets
-
-
Target
tmp
-
Size
505KB
-
MD5
56fdac38d6004e0bc5fb2d5c961322e2
-
SHA1
470111decd8883231c720a05eab77032e8b77250
-
SHA256
cd2a19b6db25d50aa3413300fe5d1183a082a388e9b12d47fbb6ef765e1c819a
-
SHA512
3c9f4534c275f09935dc38853e9733145ade98ef53cb4d6f7cd4d530d938c4e00117f995778d343285e3e2829fbceab3681e43772cff91fba7d41ba81c3a60dc
-
Quasar Payload
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-