General
Target: 8675a0ed2edce1803ae5f96d03dfa03a77c34175e11849ce2cd03f599d82fab2
Size: 1.3MB
Sample: 220708-kmlh7ahggp
MD5: 665f76fdb041536c8352e56b941371c6
SHA1: 4aa01474c068e39876db57d470986609510ae252
SHA256: 8675a0ed2edce1803ae5f96d03dfa03a77c34175e11849ce2cd03f599d82fab2
SHA512: ed9b18711fcd5c486adb63ba512c9e63940fae6bfcd1bb36aad077bbd8596d28bc0c49ac065521d33e3d0c752cfc4e39c52488787a3e18e43f33e23f4692aec2
Static task: static1
Behavioral task: behavioral1
Sample: 8675a0ed2edce1803ae5f96d03dfa03a77c34175e11849ce2cd03f599d82fab2.exe
Resource: win7-20220414-en
Malware Config
Extracted
quasar
1.4.0
jaxx
37.252.15.153:4782
26dddf54-58db-4e3b-b0ad-705c2fae2136
encryption_key: 718C4C0AB5E0031DE1680A4C058AB14F833F009F
install_name: dentis.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: lsass System
subdirectory: Allmade
Targets
- Quasar payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger