General
Target: 9df4e1f2aca6df41008c405008749423352533359efba8e5ca865bf8f1f5cb8a
Size: 454KB
Sample: 220312-e1sxjafdh8
MD5: f227f29cfb2aa5df483628e9a13ba879
SHA1: bd23442d6ae60d3e3df7dfd6693245f97cd79533
SHA256: 9df4e1f2aca6df41008c405008749423352533359efba8e5ca865bf8f1f5cb8a
SHA512: 930599ce5fa347921885bf4ae2e9c3c621d23f43883e7790b0b380d71a6576ffc74d61f6b6dc02ad7a2ee16f8a7d4b85b436c29068f9f07873a96e69112415e2
Static task: static1
Behavioral task: behavioral1
  Sample: 9df4e1f2aca6df41008c405008749423352533359efba8e5ca865bf8f1f5cb8a.exe
  Resource: win7-20220311-en
Behavioral task: behavioral2
  Sample: 9df4e1f2aca6df41008c405008749423352533359efba8e5ca865bf8f1f5cb8a.exe
  Resource: win10v2004-20220310-en
Malware Config
Extracted
quasar
3.0
ZenoXpu
185.153.222.198:7845
HIFbOBRX8hIfqiy4wu
encryption_key: DQXvqTzM5uyODUsZK174
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 9df4e1f2aca6df41008c405008749423352533359efba8e5ca865bf8f1f5cb8a
Size: 454KB
MD5: f227f29cfb2aa5df483628e9a13ba879
SHA1: bd23442d6ae60d3e3df7dfd6693245f97cd79533
SHA256: 9df4e1f2aca6df41008c405008749423352533359efba8e5ca865bf8f1f5cb8a
SHA512: 930599ce5fa347921885bf4ae2e9c3c621d23f43883e7790b0b380d71a6576ffc74d61f6b6dc02ad7a2ee16f8a7d4b85b436c29068f9f07873a96e69112415e2
Score: 10/10
- Quasar Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext