General
Target: dce3b8f6c67292d33c786fe0e92b9df5c63975c5e89a74fe4115defb56c66995
Size: 763KB
Sample: 220731-kpqwpahggk
MD5: 0cd6977068202fb2a7b3ab7c552ec508
SHA1: d012374c33fdb7337412c92f7fa4eb9ad2dd2068
SHA256: dce3b8f6c67292d33c786fe0e92b9df5c63975c5e89a74fe4115defb56c66995
SHA512: 3a85063893354d7946e3e1a7828592e5319668ce4b732b35376be5039a875d8c1216fd4c823b8d4122f693e5941694fcef382f6ddc1b15c2ba66c63d6c75c2b5
Static task: static1
Behavioral task: behavioral1
  Sample: dce3b8f6c67292d33c786fe0e92b9df5c63975c5e89a74fe4115defb56c66995.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: dce3b8f6c67292d33c786fe0e92b9df5c63975c5e89a74fe4115defb56c66995.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted: quasar
1.4.0.0
Slave
167.99.251.51:3693
iyE19BRC25gRWkYEfy
encryption_key: bbCsAyVHv9b0Y3vfJLN0
install_name: Client.exe
log_directory: Explorer
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: dce3b8f6c67292d33c786fe0e92b9df5c63975c5e89a74fe4115defb56c66995
Size: 763KB
MD5: 0cd6977068202fb2a7b3ab7c552ec508
SHA1: d012374c33fdb7337412c92f7fa4eb9ad2dd2068
SHA256: dce3b8f6c67292d33c786fe0e92b9df5c63975c5e89a74fe4115defb56c66995
SHA512: 3a85063893354d7946e3e1a7828592e5319668ce4b732b35376be5039a875d8c1216fd4c823b8d4122f693e5941694fcef382f6ddc1b15c2ba66c63d6c75c2b5
Score: 10/10
Signatures:
- Quasar payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext