General
-
Target
0x000b000000013a03-341.dat
-
Size
502KB
-
Sample
221101-m3jewabbc2
-
MD5
254850c126b7dd70bc258b16a5fa029c
-
SHA1
993c0147f75530ae0d3c45a971abe71eb0a8a68e
-
SHA256
064abdb50b3a06bc95b60e28b37e371af3ab7fe0918e5337713d94a686d25740
-
SHA512
eb2d44ee1c67c247fc184f38764c762a04266773d8669e488d78f0a777d28c26a31033d8b1ec5bc36896f4ef8098fa641210919798bd2722a5b15e2dd1bba8cf
-
SSDEEP
6144:dTEgdc0Y2X7IxUpGREWln6OmdBizR5EtqD+yw4FUcEJOb8F9o46cIZFcTR3+:dTEgdfYXxUc6OBw4qyw15pedcIDcd+
Behavioral task
behavioral1
Sample
0x000b000000013a03-341.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0x000b000000013a03-341.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
quasar
1.4.0
r77Version
179.43.187.19:2326
d6db683c-9b85-4417-b1a3-4ff8bec1d98b
-
encryption_key
83FE26AAD844F101036726AFCD7F28CF377D20AF
-
install_name
$77Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
$77Client
-
subdirectory
$77win
Targets
Score
10/10
-
Quasar payload
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-