General
Target: d9f5f1872cebecbcaa556c1d5371961731a7614fd141ba5040091a6e37b9346c
Size: 1.5MB
Sample: 220525-axcnxsdcc5
MD5: f822f2ba51ac484e1e32cabfcf78e240
SHA1: 5388a244ef7be66d3fc8e58e54c9f44dfc2e6396
SHA256: d9f5f1872cebecbcaa556c1d5371961731a7614fd141ba5040091a6e37b9346c
SHA512: 671108fcb2b89bc06430df1cdd2ffc95ab9340bd01d394ba1c026b84689e54dadf1ac659852270a14a49d6a22fa6ac8f3192264f51c1c5dd36bc7df9375ee87c
Static task: static1
Behavioral task: behavioral1
Sample: d9f5f1872cebecbcaa556c1d5371961731a7614fd141ba5040091a6e37b9346c.exe
Resource: win7-20220414-en
Malware Config
Extracted
quasar
1.3.0.0
Office01
174.139.46.13:4782
QSR_MUTEX_mK2M7xovgh7rCUSa7M
encryption_key: 0icGYPYyleDgljf1p7Zu
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Microsoft Store
subdirectory: Windows
Targets
Quasar Payload
-
suricata: ET MALWARE Common RAT Connectivity Check Observed
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-