General
-
Target
b8ee29fd0c11ec6207bbe44bfb1880e57cd62ebc85480dfa2d301d5ba492ca34
-
Size
983KB
-
Sample
230129-1bbslsdd68
-
MD5
d87b2ef3227b9fa712f51714bbe8e337
-
SHA1
a06b25c0cf16f967ef40c4832dd43bca88f2147d
-
SHA256
b8ee29fd0c11ec6207bbe44bfb1880e57cd62ebc85480dfa2d301d5ba492ca34
-
SHA512
66fb810ae7d5111a6da552fca4644370a367922583aba20c453d68ce74c6dba0216d418f03683ea50924149e4232d9d2a5708d305f7c5d611feb13b967170716
-
SSDEEP
24576:Q+tPSg5/YGpKxU8zx+uf8j4L/AlxNemsDSdGsr:XtPS9K8FbUjgAlxNfs+Z
Static task
static1
Behavioral task
behavioral1
Sample
b8ee29fd0c11ec6207bbe44bfb1880e57cd62ebc85480dfa2d301d5ba492ca34.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
b8ee29fd0c11ec6207bbe44bfb1880e57cd62ebc85480dfa2d301d5ba492ca34.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
quasar
1.3.0.0
test 1
192.168.68.109:8080
QSR_MUTEX_mEw8e7d5JFnWElKx6H
-
encryption_key
sh96FHUHgXB5ZJsysAr5
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-