General
- Target: windows.bin
- Size: 502KB
- Sample: 220830-jzz2nsebaj
- MD5: c45ea5a089de4c676e46cfb5e21364bf
- SHA1: c4665e00632e585d3f984cbf77cae6c8ad17f9ba
- SHA256: 005e49af315f639eb7f502317334698ae19f5118454146ff3af18968aa1b01b1
- SHA512: f0444698cc7a5b3bccf8abf2b49a4354af29d9053dbada901e1aeaeb41f7f720bee51421f91edd2e17cbe287c6e7cf733faa80e1e8bf1a87a36f975f591d1a56
- SSDEEP: 6144:BTEgdc0YrX7IxUpGREWtDWDq6v0++75Grj2OScExTb8F9LFfMqFcTR3n:BTEgdfYIxU9DujholFkqFcdn
Behavioral task
- behavioral1
- Sample: windows.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- quasar
- 1.4.0
- Hacked
- buihieu.ddns.net:5678
- 8cf52b9c-351a-43a7-b667-3da25dd56137
- encryption_key: 6F199BD1CDDD4176E76A08D4A433D5065CE026D9
- install_name: Windows.exe
- log_directory: Logs
- reconnect_delay: 0
- startup_key: System32
- subdirectory: Windows
Targets
- Quasar payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory