General

Target: 857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff
Size: 401KB
Sample: 220312-v1lq8abafn
MD5: e514b9b328bcebbfafc9a9f9bded8324
SHA1: 45e608a882de0a203ddde9ff5efa2b79ca48350c
SHA256: 857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff
SHA512: 548698b0f45b5e080ea7a9903f51399290c11f9f31e3633351d48304ddba5363a1065a8f32114db124963827e902558cdab4f0ca9ca26b4ba118e46b16b4a703
Static task: static1

Behavioral task: behavioral1
Sample: 857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff.exe
Resource: win7-20220311-en

Behavioral task: behavioral2
Sample: 857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff.exe
Resource: win10v2004-en-20220113
Malware Config

Extracted
quasar
3.0
ZenoXpu
185.153.222.198:7845
HIFbOBRX8hIfqiy4wu
encryption_key: DQXvqTzM5uyODUsZK174
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets

Target: 857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff
Score: 10/10

Quasar Payload
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext