General

Target: 262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada
Size: 299KB
Sample: 220616-ldhxdafbe8
MD5: bb73586cedd8767a216880ba2a7c7750
SHA1: 84a6c6c4908088349d5042f1a57374df7a8469f1
SHA256: 262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada
SHA512: 721bf82d3dfc0b2943283c7c8c4bac7afe54e4e2d1772cf27a254e5bbb6bb89d9dd5c2464a026de8d838d455187cfac0a0864d7ec8d77273d96a4ba92afb07cd
Static task: static1
Behavioral task: behavioral1
Sample: 262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada.exe
Resource: win7-20220414-en
Malware Config

Extracted family: quasar
Version: 1.4.0.0
Botnet: CEO
C2: worldwide567678.zapto.org:1714
Mutex: Hroy95BxsKwWGMw1fF
encryption_key: xFdMg8u08utwhtKUrD9B
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets

Target: 262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada
Size: 299KB
MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
- Quasar Payload
- suricata: ET MALWARE Common RAT Connectivity Check Observed
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check so the RAT can avoid running in unwanted regions.
- Drops startup file (consistent with the startup_key value "Quasar Client Startup" in the extracted config).
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so the request itself looks benign and the lookup service's host is not a useful indicator on its own.
- Suspicious use of SetThreadContext: this API is commonly used for process hollowing, so the payload may execute inside a replaced legitimate process image rather than only as the dropped file.
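The extracted config and the behavioural signatures above map directly onto hunt logic. What follows is an added example written for this page, not code from the sandbox, from the report, or from the Quasar project: it derives indicators from the config fields (C2 host and port, the SubDir\Client.exe drop location, the Run value name taken from startup_key) and from the sample hashes, then runs them over constructed telemetry records. Assumptions, labelled in the code as well: the parent directory of the install path is not in the config, so only the SubDir\Client.exe suffix is matched; the country-code lookup from the "Checks computer location settings" signature is assumed to read the standard HKCU\Control Panel\International\Geo\Nation value, which the report does not name; all telemetry records are constructed for the example, not captured.

```python
# Added example (editor-written, not part of the report or of Quasar):
# derive hunt indicators from the extracted config and run them over
# constructed telemetry records.
from __future__ import annotations

# Values copied from the extracted config and hashes in the report above.
QUASAR_CONFIG = {
    "version": "1.4.0.0",
    "c2": "worldwide567678.zapto.org:1714",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Quasar Client Startup",
    "log_directory": "Logs",
    "reconnect_delay": 3000,
}
SAMPLE_HASHES = {
    "md5": "bb73586cedd8767a216880ba2a7c7750",
    "sha1": "84a6c6c4908088349d5042f1a57374df7a8469f1",
    "sha256": "262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada",
}
# Assumption: the report only says "country code configured in the registry";
# the standard Windows location for that value is used here.
GEO_KEY_SUFFIX = "\\control panel\\international\\geo\\nation"


def build_indicators(cfg: dict, hashes: dict) -> dict:
    """Turn an extracted Quasar config into case-insensitive matchable indicators."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        # The config gives only <unknown parent dir>\SubDir\Client.exe, so match the suffix.
        "install_suffix": f"\\{cfg['subdirectory']}\\{cfg['install_name']}".lower(),
        "run_value_name": cfg["startup_key"],
        "hashes": {h.lower() for h in hashes.values()},
    }


def match_event(event: dict, ioc: dict) -> list[str]:
    """Return every reason (possibly none) a single telemetry record matches."""
    kind = event.get("type")
    reasons: list[str] = []
    if kind == "process_create" and event.get("sha256", "").lower() in ioc["hashes"]:
        reasons.append("image hash is the analysed Quasar sample")
    if kind == "registry_read" and event.get("key", "").lower().endswith(GEO_KEY_SUFFIX):
        reasons.append("reads configured country code (geofence check)")
    if kind == "file_create" and event.get("path", "").lower().endswith(ioc["install_suffix"]):
        reasons.append("dropped file matches install_name under subdirectory")
    if (kind == "registry_set"
            and event.get("key", "").lower().endswith("\\currentversion\\run")
            and event.get("value_name") == ioc["run_value_name"]):
        reasons.append("Run value name matches startup_key (persistence)")
    if kind == "dns" and event.get("query", "").lower().rstrip(".") == ioc["c2_host"]:
        reasons.append("DNS query for the configured C2 host")
    if kind == "netconn" and event.get("dst_host", "").lower() == ioc["c2_host"]:
        port = event.get("dst_port")
        note = "" if port == ioc["c2_port"] else f" (unexpected port {port})"
        reasons.append("connection to the configured C2 host" + note)
    return reasons


def hunt(events: list[dict], ioc: dict) -> list[tuple[int, list[str]]]:
    """Run match_event over a record stream; return (index, reasons) for each hit."""
    hits = []
    for i, event in enumerate(events):
        reasons = match_event(event, ioc)
        if reasons:
            hits.append((i, reasons))
    return hits


IOC = build_indicators(QUASAR_CONFIG, SAMPLE_HASHES)

# Constructed telemetry, not captured from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": "C:\\Users\\u\\Downloads\\invoice.exe",
     "sha256": SAMPLE_HASHES["sha256"]},
    {"type": "registry_read", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "file_create", "path": "C:\\Users\\u\\AppData\\Roaming\\SubDir\\Client.exe"},
    {"type": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value_name": "Quasar Client Startup"},
    {"type": "dns", "query": "worldwide567678.zapto.org"},
    {"type": "netconn", "dst_host": "worldwide567678.zapto.org", "dst_port": 1714},
    {"type": "dns", "query": "www.microsoft.com"},          # benign, no hit
    {"type": "netconn", "dst_host": "www.microsoft.com", "dst_port": 443},  # benign, no hit
]

if __name__ == "__main__":
    for index, reasons in hunt(SAMPLE_EVENTS, IOC):
        print(index, SAMPLE_EVENTS[index]["type"], "->", "; ".join(reasons))
```

The host comparison deliberately ignores the port, because a dynamic-DNS C2 host is a stronger indicator than a port number that the operator can change between builds; a connection on a different port is still reported, with the port noted.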