General
-
Target
55e326edd8ef12202de73dbc00c036fc01b17e808b3553080279f49946800eb3
-
Size
6.6MB
-
Sample
220520-rsgkrabccj
-
MD5
3591f0e7626a03ee957de228012bb4d1
-
SHA1
1c2c2f937042ead9defd36219834814afea17d6c
-
SHA256
55e326edd8ef12202de73dbc00c036fc01b17e808b3553080279f49946800eb3
-
SHA512
a9ca0c7bea8d44c2a72cf9fd8dcdbe6e8a75041268a738817e0be100b0f9d3056e43737ef443b0635b81402708baf5faef19e74012f94b6d7b5b4e5549625bcb
Static task
static1
Behavioral task
behavioral1
Sample
teamredminer-v0.3.4-win/start_cnv8.bat
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
teamredminer-v0.3.4-win/start_cnv8.bat
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
teamredminer-v0.3.4-win/start_phi2.bat
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
teamredminer-v0.3.4-win/start_phi2.bat
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
teamredminer-v0.3.4-win/teamredminer.exe
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
teamredminer-v0.3.4-win/teamredminer.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family: quasar
Version: 1.3.0.0
Campaign/botnet tag: dendi
C2 (host:port): 185.244.217.92:4782
Mutex: QSR_MUTEX_LTcjNqRb6NS57npmpd
-
encryption_key
YaVqqMF3gVTZOI5Xevop
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
teamredminer-v0.3.4-win/start_cnv8.bat
-
Size
1KB
-
MD5
2a3678b82753d786ac3a98c6ae19cc49
-
SHA1
274dddcba965bf2949d64c687e719cb66030b484
-
SHA256
ee912ceb57f257d5a6a3911b0954aa4de7d8eb46dd6e1bb8d6f245a2c400f404
-
SHA512
1b31a7a5083606966f92814901f66e9266c16733669027171fbd21ed0ac4f981f0d0426ebe8d2544b2cd32fa03352d1f43fc17cf0372eb9f6cd2383bd916df1e
-
Quasar Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables. Note: this target is a ~1KB batch script, not a PE, so this and the "Executes dropped EXE" / "Loads dropped DLL" hits presumably come from the executable the script launches during the behavioral run rather than from the .bat itself — confirm against the process tree.
-
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: a thread marked ThreadHideFromDebugger stops reporting debug events to an attached debugger)
-
-
-
Target
teamredminer-v0.3.4-win/start_phi2.bat
-
Size
927B
-
MD5
2f5b96aaa09dae557f546301a20f9dfb
-
SHA1
8c230a96d946d347689b0edb255b24d7182c7cc7
-
SHA256
5b8b3795c0b2f91f0521de9f26588b0a2dc314e2a74ec73609ff8b8d14dfe6b8
-
SHA512
b608ffb452e93f621f1c4422a24909ffcf2ab0008377abd4873f13bbb567f4ffd652d2b2dec525c12473b61b54125bc232e4ca545d6bbcfa9c7c4126288ae7cd
-
Quasar Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables. Note: this target is a 927-byte batch script, not a PE, so this and the "Executes dropped EXE" / "Loads dropped DLL" hits presumably come from the executable the script launches during the behavioral run rather than from the .bat itself — confirm against the process tree.
-
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: a thread marked ThreadHideFromDebugger stops reporting debug events to an attached debugger)
-
-
-
Target
teamredminer-v0.3.4-win/teamredminer.exe (file name matches a TeamRedMiner GPU-miner release; the Quasar detections below indicate this copy is not the stock miner — compare its hashes against the official distribution rather than trusting the name)
-
Size
6.7MB
-
MD5
cce80dbe14de96ca15817477b0ac8c03
-
SHA1
1824ea8e2d15183458e03d40605a097d32565f64
-
SHA256
f83e0cb2498d6a7044809bf234e29208b193022b2485a0695f2671e061a7272e
-
SHA512
d52713b297741a8f15092819b3a8f3e56651ce41ef86f29b484c0f9d4536b8b6cf763f88069a030f9a4995f2e2b8040a0c7a50e90c049483bc68933798219635
-
Quasar Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: a thread marked ThreadHideFromDebugger stops reporting debug events to an attached debugger)
-