General
Target: 33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d
Size: 295KB
Sample: 220620-alh2kaghbp
MD5: e8a1026d6d025f281c596870fc1185ad
SHA1: 28e9f6bd76e161dab22829b3bff2af740de05ab1
SHA256: 33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d
SHA512: 54ddb682f7b36aa6a514e391d296771a8c5f235e4de680d1a84961fe12b46ebd3bb83a9f775fcfe031db305d332b6db4669b12d55e284d178eb0d9bd859fca73
Static task: static1
Behavioral task: behavioral1
Sample: 33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d.exe
Resource: win7-20220414-en
Malware Config
Extracted
quasar
1.4.0.0
CEO
198.46.235.194:1417
Hzd5ohpHyz0j9jlmB2
encryption_key: jKwpd9T86gptPthTAlIq
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d
Size: 295KB
MD5: e8a1026d6d025f281c596870fc1185ad
SHA1: 28e9f6bd76e161dab22829b3bff2af740de05ab1
SHA256: 33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d
SHA512: 54ddb682f7b36aa6a514e391d296771a8c5f235e4de680d1a84961fe12b46ebd3bb83a9f775fcfe031db305d332b6db4669b12d55e284d178eb0d9bd859fca73
Quasar Payload
suricata: ET MALWARE Common RAT Connectivity Check Observed
Drops startup file
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext