General
Target: aee53c247ee210c7a3189b41d117c71f0b962f49da436bf2c57e9934316e6070
Size: 16.1MB
Sample: 230129-wtqx2aaa2x
MD5: e8e93631767c8b5b5a4afcef0fbd93e0
SHA1: 02baffbc04e9ca472288c13111134cebd478e5e7
SHA256: aee53c247ee210c7a3189b41d117c71f0b962f49da436bf2c57e9934316e6070
SHA512: cce3d2ea73b611118b8b18ab51771c386b6bbef159aeea04b183c04727bbb8658a151ed879a89c479bf2fdde32023235fae9802f6e1ecd9b98c2048230150360
SSDEEP: 196608:U+b8ve9Ab5jb55ix+eew2dS4+ipkAipckp:U48ve9w0ewK/dup/p
Static task: static1
Behavioral task: behavioral1
Sample: aee53c247ee210c7a3189b41d117c71f0b962f49da436bf2c57e9934316e6070.exe
Resource: win7-20221111-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
185.174.172.24:222
QSR_MUTEX_l4Q4az83wPO98KUwCA
encryption_key: rJLmSNNfkwxt1O20iBU6
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: aee53c247ee210c7a3189b41d117c71f0b962f49da436bf2c57e9934316e6070
Quasar payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of NtSetInformationThreadHideFromDebugger