General
Target: tmp
Size: 542KB
Sample: 221017-e6te9aaggj
MD5: 186564601c2f222119117fb148add063
SHA1: 3e18d54d5a459dfe2348d42a7ab9d0fa80ab79b4
SHA256: 9d2d44a8cb4c44032550715e8598ae5a3254ee60e6ff95e4deb2d7c957419890
SHA512: 3fa611f004c358596bcd361baffba12f405035430caebc13f88a3a67f2952144ceabd139fca9f35afbb8d21563108a0131f62b1675c911b36a952e47cf1187d6
SSDEEP: 6144:k9gebGbXOsA6j1RdheM+DvdggmcvNY2GIKSLcEu0b8FSBp9rhMOkrcTR3A1TEgdA:3A623gWLefCfXkrcdA1TEgdfYf
Behavioral task
behavioral1
Sample: tmp.exe
Resource: win7-20220812-en
Malware Config
Extracted
quasar
1.4.0
2022
gh0008888.ddns.net:2888
wc-ltc.ddns.net:2888
8eaef1fe-37f7-4e61-a64a-362606e0ef72
encryption_key: 4BF9DE9DE710A8249A32AFF5A8A36A68EB5C6E1A
install_name: svchost.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: svchost
subdirectory: C:\Windows\Fonts\system
Targets
Target: tmp
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family infects other executable files in order to spread and cause damage.
- Quasar payload
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL