General
-
Target
tmp
-
Size
344KB
-
Sample
221123-qv9tmsfa32
-
MD5
697898102d367f3a5fb7f790d199112e
-
SHA1
ee94d4ade21d267503869c47a3b61ff30bb6305d
-
SHA256
8ad32ff282a91fd4dcc732cab9c853db3c0085dec8bbabb5388553938fd42f60
-
SHA512
752fead6eff8116e5caf37d2c9af5f01bf756ec00e5bc98dabe72d552546e4537ef0d040c1f049e9707b536833abdd0b0f94ff4b4eb5cd2fa63cef22bb918b13
-
SSDEEP
6144:7zkVzIZzF1Pq2o2zlOlqZ+Tz3RNGfbQpNsYsoSA7fiCEq/ab:Dh1P22zlkTNsY/iy/ab
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Malware Config
Extracted
quasar
1.3.0.0
OfficeBOX
185.81.157.174:4554
QSR_MUTEX_xSMql9r0AKSYarKyPE
-
encryption_key
RQ0DJiJOKJWym1FwBiYm
-
install_name
Clientchrome.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
ChromeClient Startup
-
subdirectory
SubDir
Targets
-
-
Target
tmp
-
Size
344KB
-
MD5
697898102d367f3a5fb7f790d199112e
-
SHA1
ee94d4ade21d267503869c47a3b61ff30bb6305d
-
SHA256
8ad32ff282a91fd4dcc732cab9c853db3c0085dec8bbabb5388553938fd42f60
-
SHA512
752fead6eff8116e5caf37d2c9af5f01bf756ec00e5bc98dabe72d552546e4537ef0d040c1f049e9707b536833abdd0b0f94ff4b4eb5cd2fa63cef22bb918b13
-
SSDEEP
6144:7zkVzIZzF1Pq2o2zlOlqZ+Tz3RNGfbQpNsYsoSA7fiCEq/ab:Dh1P22zlkTNsY/iy/ab
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-