General
-
Target
09C580EA4063CB2F16BCE177151628D3E9C04A87BA2C0.exe
-
Size
6.6MB
-
Sample
230206-wpqrgafb93
-
MD5
81e1869c9f3495afba6c21bf71a10292
-
SHA1
b5c056e5cc14b88d5115a47a86b8df43c6b6eed1
-
SHA256
09c580ea4063cb2f16bce177151628d3e9c04a87ba2c0bcb7e6d1d588b8563ed
-
SHA512
8717f6db2c25eef0daba503270787e6590a4aaf3b6cfd622f1da2907a212e42e12394731d8a6b0486024c2e71677574011d25340870786f0551acee92402fe24
-
SSDEEP
196608:XqMIY4MLN9onJ5hrZEK3e9tGPqK6wTbPfFwc5CVsf5:gup9c5hlEK/PN6w3XCVm
Behavioral task
behavioral1
Sample
09C580EA4063CB2F16BCE177151628D3E9C04A87BA2C0.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
09C580EA4063CB2F16BCE177151628D3E9C04A87BA2C0.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
quasar
1.4.0
Office04
91.209.226.129:4477
aab8fb23-9414-4086-92a8-8f9df7355991
-
encryption_key
115C3BBD6300A13A8593E1EA090433CDAA8539CA
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
09C580EA4063CB2F16BCE177151628D3E9C04A87BA2C0.exe
-
Quasar payload
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-