General
-
Target
4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f
-
Size
348KB
-
Sample
220324-kce9esedf8
-
MD5
4e22eda5918426ccbc58319c13978906
-
SHA1
080d364b894ee591be92afa782db2ae93192bea9
-
SHA256
4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f
-
SHA512
03cc56592add96ea7d3fc592308c4043558b17b55cbe520c5e24764fb489dabfdbe51910a59d537b795073cb1ed6b10a3b703b68bf4a24fcfa91b91c3c875901
Behavioral task
behavioral1
Sample
4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f.exe
Resource
win7-20220311-en
Malware Config
Extracted
quasar
1.3.0.0
Test1
sharaga.ddns.net:25565
81.1.158.128:25565
QSR_MUTEX_2Wq2bcpv2N4Sls5IAl
-
encryption_key
3IYxH0O6qCkTu1k47KTz
-
install_name
java.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Java
-
subdirectory
.minecraft
Targets
-
Target
4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f
Score
10/10
-
Quasar Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-