General

Target: 586Client-built.exe
Size: 502KB
Sample: 230220-xdxlbabh94
MD5: 9b88ff4481e391240a73bfa6a77d0ffe
SHA1: b761dbb2f335dafa905e51d99e575035cfce4a79
SHA256: ee70c6c9be8f4ee4ef8988abeb74274637424e0b16d6a0139ffe7684d3a0cf70
SHA512: 1ebab59476591094a07079403f1cafcaf90ba5d4392323e472da3f4fca05d98adf1e9cb8c445b2438d57165aa271821963c75f61811e0f14c2f46e2cfc6a3d6d
SSDEEP: 12288:1TEgdfYexUzDXoMK4bywOApKEMXql5bcdW:WUw3sCywOApE6l9cdW
Behavioral task: behavioral1
Sample: 586Client-built.exe
Resource: win7-20221111-en
Malware Config

Extracted family: quasar
Version: 1.4.0
Tag: Office04
C2 (host:port): staff-defines.at.ply.gg:58642
Mutex: 2e9761cb-ec4c-4ce1-a7ad-c3b29a10d95c
encryption_key: B502E88905C46E4DDCA7F9C490E1523FE06B4C01
install_name: Okay.exe
log_directory: Logs
reconnect_delay: 3000 (milliseconds between reconnect attempts)
startup_key: SenpaiClient
subdirectory: SubDir
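The extracted configuration is the most useful part of this report for a responder: it names the C2 endpoint, the beacon retry interval, the dropped file name and the Run-key value used for persistence. The script below turns those values into hunt indicators and checks a local copy of the sample against the hashes listed above. It is an added example, not Triage's code and not Quasar's own source. The config and hash values are copied from this report; the candidate install paths, Run-key locations and keylog directory are assumptions drawn from Quasar's default installer behaviour, not observations from this sandbox run, and should be confirmed against the process and registry events before being used as indicators.

```python
"""Derive hunt indicators from the Quasar 1.4.0 config extracted above and
verify a local copy of the sample against the report's hashes.

Added example, not Triage's code or Quasar's source.  Config values are copied
from the report; install/persistence locations below are ASSUMPTIONS based on
Quasar's default installer behaviour, not observations from this run.
"""
import hashlib
from typing import Dict, List, Tuple

# Copied from the "Malware Config" section of the report.
QUASAR_CONFIG = {
    "family": "quasar",
    "version": "1.4.0",
    "tag": "Office04",
    "c2": "staff-defines.at.ply.gg:58642",
    "mutex": "2e9761cb-ec4c-4ce1-a7ad-c3b29a10d95c",
    "encryption_key": "B502E88905C46E4DDCA7F9C490E1523FE06B4C01",
    "install_name": "Okay.exe",
    "log_directory": "Logs",
    "reconnect_delay": 3000,  # milliseconds between reconnect attempts
    "startup_key": "SenpaiClient",
    "subdirectory": "SubDir",
}

# Copied from the "General" section of the report.
REPORT_HASHES = {
    "md5": "9b88ff4481e391240a73bfa6a77d0ffe",
    "sha1": "b761dbb2f335dafa905e51d99e575035cfce4a79",
    "sha256": "ee70c6c9be8f4ee4ef8988abeb74274637424e0b16d6a0139ffe7684d3a0cf70",
    "sha512": "1ebab59476591094a07079403f1cafcaf90ba5d4392323e472da3f4fca05d98adf1e9cb8c445b2438d57165aa271821963c75f61811e0f14c2f46e2cfc6a3d6d",
}


def parse_c2(hosts: str) -> List[Tuple[str, int]]:
    """Split a Quasar HOSTS string ("host:port;host2:port2") into (host, port) pairs.

    Splitting on the last ':' keeps bracketed IPv6 literals intact.
    """
    pairs = []
    for entry in filter(None, (h.strip() for h in hosts.split(";"))):
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"malformed C2 entry: {entry!r}")
        pairs.append((host.strip("[]"), int(port)))
    return pairs


def hunt_iocs(cfg: dict) -> dict:
    """Turn the config into the artefacts a responder would search for."""
    sub, name, key = cfg["subdirectory"], cfg["install_name"], cfg["startup_key"]
    return {
        "c2": parse_c2(cfg["c2"]),  # hunt on the DNS name, not a resolved IP
        "beacon_retry_seconds": cfg["reconnect_delay"] / 1000,
        "mutex": cfg["mutex"],
        "run_value_name": key,
        # ASSUMPTION: Quasar's builder offers %APPDATA%, Program Files or the
        # System directory as install root, each joined with the subdirectory;
        # the report's "Drops file in System32 directory" points at the last.
        "dropped_path_candidates": [
            rf"%APPDATA%\{sub}\{name}",
            rf"%ProgramFiles%\{sub}\{name}",
            rf"%SystemRoot%\System32\{sub}\{name}",
        ],
        # ASSUMPTION: Run-key persistence lands in HKCU for a per-user install
        # and in HKLM when the client runs elevated.
        "run_key_candidates": [
            rf"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\{key}",
            rf"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\{key}",
        ],
        # ASSUMPTION: keylogger output goes under %APPDATA%\<log_directory>.
        "keylog_dir": rf"%APPDATA%\{cfg['log_directory']}",
    }


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Hex digests for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare each listed digest with the data; only algorithms in `expected` are checked."""
    actual = compute_hashes(data)
    return {alg: actual[alg] == value.lower()
            for alg, value in expected.items() if alg in actual}


if __name__ == "__main__":
    import json
    import sys

    print(json.dumps(hunt_iocs(QUASAR_CONFIG), indent=2))
    if len(sys.argv) > 1:  # optional: path to a local copy of 586Client-built.exe
        with open(sys.argv[1], "rb") as fh:
            results = verify_hashes(fh.read(), REPORT_HASHES)
        print(results)
        sys.exit(0 if all(results.values()) else 1)
```

Run it with no arguments to print the indicator set, or pass the path of a local copy of the sample to confirm it is the same file this report describes before relying on the extracted config. Because the C2 is a hostname rather than an address, the network indicator to pivot on is the DNS query for staff-defines.at.ply.gg and a TCP session to port 58642, not whatever IP it resolved to at analysis time.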
Targets

Target: 586Client-built.exe
Size: 502KB
MD5: 9b88ff4481e391240a73bfa6a77d0ffe
SHA1: b761dbb2f335dafa905e51d99e575035cfce4a79
SHA256: ee70c6c9be8f4ee4ef8988abeb74274637424e0b16d6a0139ffe7684d3a0cf70
SHA512: 1ebab59476591094a07079403f1cafcaf90ba5d4392323e472da3f4fca05d98adf1e9cb8c445b2438d57165aa271821963c75f61811e0f14c2f46e2cfc6a3d6d
SSDEEP: 12288:1TEgdfYexUzDXoMK4bywOApKEMXql5bcdW:WUw3sCywOApE6l9cdW
Signatures

- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory