General

Target: d0e1019396782435f18448f916bbd03371d132965538f9244f726ff240a6582f
Size: 786KB
Sample: 220725-et6j2sedhl
MD5: 0acf6ea8ea82fd3aae0da111f91e0052
SHA1: 7a04c82c0081741a3fe211a7eda63584937ddea5
SHA256: d0e1019396782435f18448f916bbd03371d132965538f9244f726ff240a6582f
SHA512: da5d1d3cd47af8e66bc21ba33bc66782474c728a009f78b6040350107ffa4a8075bf6c0c70e383db62ab5e7ee7de681bf52f7d24bb0174cc8802e320505ced57
Static task: static1
Behavioral task: behavioral1
Sample: d0e1019396782435f18448f916bbd03371d132965538f9244f726ff240a6582f.exe
Resource: win7-20220718-en
Malware Config

Extracted
Family: quasar
Version: 1.3.0.0
Botnet: Wallets
C2: mailsdc61.ga:5490
Mutex: QSR_MUTEX_AlGzVdofAbXTg5UjU1

Attributes
encryption_key: kjsUY5tlvrmAWR8ZxfU3
install_name: skype.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: skype
subdirectory: AppData
Targets

Target: d0e1019396782435f18448f916bbd03371d132965538f9244f726ff240a6582f
Size: 786KB
MD5: 0acf6ea8ea82fd3aae0da111f91e0052
SHA1: 7a04c82c0081741a3fe211a7eda63584937ddea5
SHA256: d0e1019396782435f18448f916bbd03371d132965538f9244f726ff240a6582f
SHA512: da5d1d3cd47af8e66bc21ba33bc66782474c728a009f78b6040350107ffa4a8075bf6c0c70e383db62ab5e7ee7de681bf52f7d24bb0174cc8802e320505ced57

Signatures
- Quasar payload
- suricata: ET MALWARE Common RAT Connectivity Check Observed
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext