General
-
Target
4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa
-
Size
348KB
-
Sample
220524-tw2q7shdg5
-
MD5
6e5fef5da8810aa3fffad5a486c68cf3
-
SHA1
70f6507e9b2644fbcb75c78c6660dbdca4da5ef0
-
SHA256
4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa
-
SHA512
94dec0822aef151ec843732e9f13d550c59bb4575f8fff7822f5c2bf4d36854dc0c4061dbbcd6c2377aaac77ad86aa48092515fdc7388148e76db96f8417d027
Behavioral task
behavioral1
Sample
4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa.exe
Resource
win7-20220414-en
Malware Config
Extracted
quasar
1.1.0.0
System
82.202.167.203:4444
xTSR_MUTEX_JOBXsgj4pMGMmIDVNc
-
encryption_key
eu7tm2CUeFG5FGwJlQkW
-
install_name
core.exe
-
log_directory
logs
-
reconnect_delay
3000
-
startup_key
System Core
-
subdirectory
system
Targets
-
-
Target
4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa
-
Size
348KB
-
MD5
6e5fef5da8810aa3fffad5a486c68cf3
-
SHA1
70f6507e9b2644fbcb75c78c6660dbdca4da5ef0
-
SHA256
4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa
-
SHA512
94dec0822aef151ec843732e9f13d550c59bb4575f8fff7822f5c2bf4d36854dc0c4061dbbcd6c2377aaac77ad86aa48092515fdc7388148e76db96f8417d027
-
Quasar Payload
-
suricata: ET MALWARE Common RAT Connectivity Check Observed
suricata: ET MALWARE Common RAT Connectivity Check Observed
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-