General
-
Target
30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668
-
Size
502KB
-
Sample
220504-bcxzsscgc7
-
MD5
e2a90c3e125ae445d0763f4caa47381b
-
SHA1
e53c0be113b08a33afadad940ed31f9843bfa5b7
-
SHA256
30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668
-
SHA512
af9c0026f44bdfe8c4f4ed37dfbe5fdfe4fb66652b79459539e7459f822b256dd1c50bee317ea7b37ad583e91cc9603bb9916b2ffa2ce8b941d53ac959ed6c95
Malware Config
Extracted
quasar
1.4.0
1
dlldns.duckdns.org:20000
whoru222.xyz:20000
whereami3.xyz:20000
letmerat.xyz:20000
selfdestructdns.xyz:20000
wtfimrich666.xyz:20000
p2x4y.xyz:21000
howmanytimes3.xyz:21000
ceeloblack.xyz:21000
thanksfam.xyz:21000
2e3c0776-66f3-4050-b059-b831e335e235
-
encryption_key
67DFA5AFA3111DA4B8B545C503A131C3C3D1E34C
-
install_name
WinUpdater.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WinUpdater
-
subdirectory
WinUpdater
Targets
-
-
Target
30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668
-
Size
502KB
-
MD5
e2a90c3e125ae445d0763f4caa47381b
-
SHA1
e53c0be113b08a33afadad940ed31f9843bfa5b7
-
SHA256
30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668
-
SHA512
af9c0026f44bdfe8c4f4ed37dfbe5fdfe4fb66652b79459539e7459f822b256dd1c50bee317ea7b37ad583e91cc9603bb9916b2ffa2ce8b941d53ac959ed6c95
Score10/10-
Quasar Payload
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-