General
-
Target
d4771dbf9066fec456aba9736643c4f5b9578fdecb4a475e6aff737323e37fe4
-
Size
141KB
-
Sample
220504-a63xgafdfj
-
MD5
4d28365c5342f773b394205ef9eaec69
-
SHA1
d6e066005bb5b69d5dbc5088f214012a7ab8b080
-
SHA256
d4771dbf9066fec456aba9736643c4f5b9578fdecb4a475e6aff737323e37fe4
-
SHA512
b3c4df7e68555ad04204ea798fe737ea2bc9d63400e81d02f7fdfe1b4c7e45a19436d7d3c51f355d2a1306eae1bd0912155760067e6d57b62cf98c519b70ef3e
Static task
static1
Malware Config
Extracted
quasar
1.4.0
1
2e3c0776-66f3-4050-b059-b831e335e235
-
encryption_key
67DFA5AFA3111DA4B8B545C503A131C3C3D1E34C
-
install_name
WinUpdater.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WinUpdater
-
subdirectory
WinUpdater
Targets
-
-
Target
d4771dbf9066fec456aba9736643c4f5b9578fdecb4a475e6aff737323e37fe4
-
Modifies visibility of hidden/system files in Explorer
-
Quasar Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-