General
Target: b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5
Size: 579KB
Sample: 220420-cvfc5shbh9
MD5: 3c0dcdaaf8330afaafea0a32e7fcf796
SHA1: 5afc03feeb3f7a6ab21c407390aa3b362efa298e
SHA256: b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5
SHA512: 1103c06205c4109ce0864dc0b63cc26c927e9b0403ef5b7968bae5db73eb89cd48a982b494911c7d47d4f978009c8a69e0c46fc2b47d8862031c1a1c39e56c7f
Static task: static1
Behavioral task: behavioral1
Sample: b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5.exe
Resource: win7-20220414-en
Malware Config
Extracted
quasar
1.4.0
Slaves
167.99.143.40:4782
3f22fe3b-ed4b-4d8f-aafd-0cb32a5b2a59
encryption_key: 50EBC6B1CB2169396FC0A221D6DC6B60DDBC9D1F
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Start
subdirectory: SubDir
Targets
Target: b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5
Quasar Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext