General
Target: 0a122731e6e699c540c78754df8e3424f648a462b7ecf2e86c970faa81d24c1f
Size: 1.7MB
Sample: 230129-r7qf7sbe68
MD5: 4ef8fbb16a16b76bc9700607ec6c4c21
SHA1: 7239208f8303c425034fb9dc2e72c97a1ebd1690
SHA256: 0a122731e6e699c540c78754df8e3424f648a462b7ecf2e86c970faa81d24c1f
SHA512: 354650516c0a6bbb0225d9ca7fd51fcc7b00ea3cae165c1a94257eb1a92edb7f7d549050ce03337c5eccf266f65d39c3c91d73c6a216511c2777a509953114f3
SSDEEP: 24576:J3la0TCZvSxjesdqxX7TySb3m8d4c5S3pHlWtr+DAJHGIxVkiLaoKUNtXa64F7:BGZvgtE5TDm8d4c2HlWsDyHtSoKSC
Static task: static1
Behavioral task: behavioral1
Sample: 0a122731e6e699c540c78754df8e3424f648a462b7ecf2e86c970faa81d24c1f.exe
Resource: win7-20220812-en
Malware Config
Extracted: quasar 1.4.0
Office04
useittoday.ddns.net:7777
e5ef083e-30c5-4583-b64d-761bdbc25eab
encryption_key: 3A888BF4CE1BF01F1EE6502467C30202D4F3D1EC
install_name: chrome.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Google Chrome
subdirectory: SubDir
Targets
Target: 0a122731e6e699c540c78754df8e3424f648a462b7ecf2e86c970faa81d24c1f
Size: 1.7MB
Signatures:
- Quasar payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Drops file in System32 directory