General
-
Target
185.238.3.205_-_q.exe___8e0d3f72d15bb3034a088f3f42116790.dat
-
Size
288KB
-
Sample
230215-man5nabd24
-
MD5
8e0d3f72d15bb3034a088f3f42116790
-
SHA1
2ad77f63db2858d189bcda134df9252be76a3d1e
-
SHA256
947b7652ee3eab63fbf18856d957122fb166ecde863a6ce63d2d72f876929773
-
SHA512
93e1df8df25f9e5840b4e2a2f27fbaed0f01f914f8e12256f92d63d0c8014562008e4eb1abaf7d628f9ba8410044e94562fb3d97580100aebd2cad5fd4203489
-
SSDEEP
6144:aKJuiyEnCGnhJlMP5Kq+SMv0VGb7bDcllbkTC:JzCGL69zVGkllbkW
Behavioral task
behavioral1
Sample
185.238.3.205_-_q.exe___8e0d3f72d15bb3034a088f3f42116790.exe
Resource
win7-20220812-en
Malware Config
Extracted
quasar
1.4.0.0
Office04
185.238.3.205:5556
Bd5ftiu7vEIfK0OeQc
-
encryption_key
MGyMN6gksTsGQSwMw42Y
-
install_name
Client.exe
-
log_directory
Logz
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
185.238.3.205_-_q.exe___8e0d3f72d15bb3034a088f3f42116790.dat
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-