General
-
Target
2000-68-0x0000000004390000-0x0000000004414000-memory.dmp
-
Size
528KB
-
Sample
230206-wtd88sae2s
-
MD5
05a821b048d45593586e283834af604a
-
SHA1
2c1fd4517b43cd1237f788a07fa03a9571238bff
-
SHA256
8646623dcb870cff84446170f9b4216764821dc8976bdbb1ad7c2932b1ea4c47
-
SHA512
34de8cbd9196b5b0a2d8c959f29203d8fb3c6f9f2a473b9d24bd2af80568e8c128b6c3d9ef0a02ff82456d124b4505baaf22214bd0d7c2b46f114de2a3ad6690
-
SSDEEP
6144:kTEgdc0YYXAGbgiIN2RSBrF8gOfYNw0FdGDTjB2rpYorUicE1QYb8F9tb7VI8cT0:kTEgdfYqbgfFTbFYTmYeW7Pq8cdy
Behavioral task
behavioral1
Sample
2000-68-0x0000000004390000-0x0000000004414000-memory.exe
Resource
win7-20221111-en
Malware Config
Extracted
quasar
1.4.0
Office04
91.209.226.129:4477
aab8fb23-9414-4086-92a8-8f9df7355991
-
encryption_key
115C3BBD6300A13A8593E1EA090433CDAA8539CA
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
2000-68-0x0000000004390000-0x0000000004414000-memory.dmp
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-