General
-
Target
7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb.exe
-
Size
544KB
-
Sample
230209-tjnzksba45
-
MD5
09eaa01d4cfdc1e07bacc0c7fa45ff02
-
SHA1
08812d6fba326f56b3b05066e1d0464cbba27ff2
-
SHA256
7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb46b
-
SHA512
6c4367264bfd2d173284025aea705979c3a0a088141c4d92f04fa509df9f62499c14f331ea773c0777b4e919b4e8d716f85e8d2e34efcbc741fd1c7014898115
-
SSDEEP
6144:91UkiucTWMxchMkLmsRkK800JI7famUSC59Q+ib8F9lZxS5saAOvOm:91Uk6aMx/Ir02e359rFDZx2AO7
Behavioral task
behavioral1
Sample
7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb.exe
Resource
win7-20221111-en
Malware Config
Extracted
quasar
1.4.0
Office04
quasharr.ddns.net:4782
quasharr21.ddns.net:4782
quasharr22.ddns.net:4782
quasharr33.ddns.net:4782
1f1a8604-757c-4251-9294-1b6985c3c1c7
-
encryption_key
2D1A3994D3C8E5C6071E7048589030F3E389DDC7
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Windows
-
subdirectory
SubDir
Targets
-
-
Target
7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb.exe
-
Size
544KB
-
MD5
09eaa01d4cfdc1e07bacc0c7fa45ff02
-
SHA1
08812d6fba326f56b3b05066e1d0464cbba27ff2
-
SHA256
7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb46b
-
SHA512
6c4367264bfd2d173284025aea705979c3a0a088141c4d92f04fa509df9f62499c14f331ea773c0777b4e919b4e8d716f85e8d2e34efcbc741fd1c7014898115
-
SSDEEP
6144:91UkiucTWMxchMkLmsRkK800JI7famUSC59Q+ib8F9lZxS5saAOvOm:91Uk6aMx/Ir02e359rFDZx2AO7
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-