General
-
Target
aa14bc7fe4a9e56d75945dee38c3cf77.exe
-
Size
502KB
-
Sample
230202-2fcq5sge63
-
MD5
aa14bc7fe4a9e56d75945dee38c3cf77
-
SHA1
e86fee3cf8dec6a93ce0683f62f2601f23ce2ce6
-
SHA256
427decd0986270b1f3459b61c38d3abcbd68d3a1fb08ea39a9b681bb26ec1449
-
SHA512
327247f90d67d6b29acff6849cd825645fe85bfb4ee0ee875d0168271363e0c88c73c5826995f7051a1d1da2e74afeef19956133d5bcab4b3f641751ae9668e2
-
SSDEEP
6144:dTEgdc0YpXAGbgiIN2RSBTFwfEJGpRgbujeq5clcEqOb8F5egAM0+cTR3+:dTEgdfYlbgUR1u6pJAz+cd+
Behavioral task
behavioral1
Sample
aa14bc7fe4a9e56d75945dee38c3cf77.exe
Resource
win7-20220812-en
Malware Config
Extracted
quasar
1.4.0
Office04
20.223.155.39:8808
127.0.0.1:8808
f0e07e87-d114-425a-9e4e-8911f3f02e74
-
encryption_key
93E24ACE7FFA02F1927A56C62CFEFABC58E6463E
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
System
-
subdirectory
SubDir
Targets
-
-
Target
aa14bc7fe4a9e56d75945dee38c3cf77.exe
-
Size
502KB
-
Quasar payload
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-