General
Target: Client-built.exe
Size: 502KB
Sample: 230218-s6etracf36
MD5: b19e73c0df819f80752d5554c6dd8189
SHA1: c335ba9f8c718d97de33149e45e76d5ec4379131
SHA256: 82b83257386bbf56012daf7a3e96340cc672142966b92d66e212d733fe9a5730
SHA512: 5334081ce161602edee78ab09469c4120f31f9e14f4f13f4099cbd9caae603fb3c5cf9a916292d54e9975566ff2a4ab1ffb00e4d2781751e4370db3bde3c6e79
SSDEEP: 6144:0TEgdc0Y5ebGbXOsA6j1RdhWnf4moYsxW5Etql+yw4EUcEpOb8F9d9Sl3HPvcTRy:0TEgdfYhA6yf4Fn44ywGZpX9u3Xcdi
Behavioral task: behavioral1
Sample: Client-built.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Client-built.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: quasar
Version: 1.4.0
Botnet: Office04
C2: mingrelian.ddns.net:5552
C2: 127.0.0.1:5552
Mutex: ac295147-615a-4c75-baa4-17de592dbddd
encryption_key: 8D503852994A4016F90481B3C6305365B2B155CF
install_name: svchost.exe
log_directory: Logs
reconnect_delay: 3000 (ms)
startup_key: Quasar Client Startup
subdirectory: SubDir
Note: the 127.0.0.1:5552 entry is a loopback address and is not usable as a network indicator; mingrelian.ddns.net is a dynamic DNS name, so resolve it at analysis time rather than pinning a single IP. The client installs as svchost.exe under a "SubDir" subdirectory, so an svchost.exe that runs from anywhere other than %SystemRoot%\System32 is the host-side tell.
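The following is an added example, not part of the sandbox report and not Quasar's own code: it turns the file hashes and the extracted configuration above into a small matcher that can be run over host and network telemetry. The DNS log lines and Run-key entries it checks are constructed for illustration; the assumption that the client is launched from a path ending in \SubDir\svchost.exe follows from the install_name and subdirectory fields, since the report does not state the base install directory.

```python
"""Hunting helpers built from the Quasar config extracted above.

Added example (not from the sandbox report). The sample telemetry in demo()
is constructed; the install-path suffix is an assumption derived from the
subdirectory and install_name fields.
"""
import hashlib
import re

# Digests copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "b19e73c0df819f80752d5554c6dd8189",
    "sha1": "c335ba9f8c718d97de33149e45e76d5ec4379131",
    "sha256": "82b83257386bbf56012daf7a3e96340cc672142966b92d66e212d733fe9a5730",
    "sha512": "5334081ce161602edee78ab09469c4120f31f9e14f4f13f4099cbd9caae603fb3c5cf9a916292d54e9975566ff2a4ab1ffb00e4d2781751e4370db3bde3c6e79",
}

# Fields copied from the report's Malware Config section.
QUASAR_CONFIG = {
    "version": "1.4.0",
    "hosts": ["mingrelian.ddns.net:5552", "127.0.0.1:5552"],
    "mutex": "ac295147-615a-4c75-baa4-17de592dbddd",
    "install_name": "svchost.exe",
    "subdirectory": "SubDir",
    "startup_key": "Quasar Client Startup",
}

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def hash_bytes(data: bytes) -> dict:
    """Digest file contents with every algorithm listed in SAMPLE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True only when every digest matches; one mismatch means a different
    build, so partial agreement is deliberately not treated as a hit."""
    return hash_bytes(data) == SAMPLE_HASHES


def network_iocs(config: dict) -> list:
    """(host, port) pairs that can actually be hunted for on the network.
    Loopback entries are dropped because they never leave the infected host."""
    out = []
    for entry in config["hosts"]:
        host, _, port = entry.rpartition(":")
        if host in LOOPBACK:
            continue
        out.append((host, int(port)))
    return out


def match_dns_log(lines: list, config: dict) -> list:
    """Return the log lines that query a C2 host from the config."""
    hosts = {host for host, _ in network_iocs(config)}
    hits = []
    for line in lines:
        for host in hosts:
            if re.search(r"\b" + re.escape(host) + r"\b", line, re.IGNORECASE):
                hits.append(line)
                break
    return hits


def match_run_keys(entries: dict, config: dict) -> list:
    """Flag Run-key values by the startup_key name from the config, or by an
    svchost.exe launched from the Quasar subdirectory (assumed path suffix)
    rather than from %SystemRoot%\\System32."""
    suffix = ("\\" + config["subdirectory"] + "\\" + config["install_name"]).lower()
    hits = []
    for name, command in entries.items():
        exe = command.strip().strip('"').lower()
        if name == config["startup_key"] or exe.endswith(suffix):
            hits.append(name)
    return hits


def demo() -> dict:
    """Run the matchers over constructed telemetry (not real logs)."""
    dns_lines = [
        "10:00:01 client=10.0.0.5 query=mingrelian.ddns.net type=A",
        "10:00:02 client=10.0.0.5 query=www.example.com type=A",
    ]
    run_keys = {
        "OneDrive": "C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
        "Quasar Client Startup": '"C:\\Users\\u\\AppData\\Roaming\\SubDir\\svchost.exe"',
    }
    return {
        "c2": network_iocs(QUASAR_CONFIG),
        "dns_hits": match_dns_log(dns_lines, QUASAR_CONFIG),
        "run_key_hits": match_run_keys(run_keys, QUASAR_CONFIG),
        "sample_match": is_known_sample(b"placeholder bytes, not the sample"),
    }


if __name__ == "__main__":
    print(demo())
```

The Run-key check fires on either signal on purpose: an operator who rebuilds the client with a new startup_key still lands in the same \SubDir\svchost.exe layout unless they change the subdirectory and install name as well.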
Targets
Target: Client-built.exe
Score: 10/10
- Quasar payload
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)
- Drops file in System32 directory