General
-
Target
42501e281de15d0331a70d0b34b94b8b.exe
-
Size
348KB
-
Sample
220922-kxp95aefcq
-
MD5
42501e281de15d0331a70d0b34b94b8b
-
SHA1
c9ae2a74d0e25e0d2c4946917767d46d33e208cc
-
SHA256
b85d366a889518edf0a9899e2120de042965a72fc60c8795a2f9bd6eee96d58c
-
SHA512
aaea1b070c6560264d2875b7fb355820af4ceab172ff4c5a6b21d893ec4955419c7b673bedae66beae5626dbbacf1c6fe7860008b49029275016c4ac97392f74
-
SSDEEP
6144:j+NHXf500Mh9fsD02Sp1bS6Zh4SRy80WUw7K:yd50ODqhZh4SYXw7K
Behavioral task
behavioral1
Sample
42501e281de15d0331a70d0b34b94b8b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
42501e281de15d0331a70d0b34b94b8b.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
quasar
1.3.0.0
Godbless my Hustle
mill.hopto.org:7773
QSR_MUTEX_IYpAlOHqocnX5nf6J7
-
encryption_key
4AVo5Pq15qMZSQfQWCXf
-
install_name
Client.exe
-
log_directory
Ll
-
reconnect_delay
123
-
startup_key
str
-
subdirectory
SubDir
Targets
-
-
Target
42501e281de15d0331a70d0b34b94b8b.exe
-
Size
348KB
-
MD5
42501e281de15d0331a70d0b34b94b8b
-
SHA1
c9ae2a74d0e25e0d2c4946917767d46d33e208cc
-
SHA256
b85d366a889518edf0a9899e2120de042965a72fc60c8795a2f9bd6eee96d58c
-
SHA512
aaea1b070c6560264d2875b7fb355820af4ceab172ff4c5a6b21d893ec4955419c7b673bedae66beae5626dbbacf1c6fe7860008b49029275016c4ac97392f74
-
SSDEEP
6144:j+NHXf500Mh9fsD02Sp1bS6Zh4SRy80WUw7K:yd50ODqhZh4SYXw7K
Score10/10-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-