General
Target: Heart Sender V5.0.exe
Size: 439KB
Sample: 230225-v1zyvadh53
MD5: 8f808bb54b422500304dfc68b87198fc
SHA1: 24ebeb615f0bdcaa3980722100d6fc42111b62ec
SHA256: 680caf0e30b204544971d053b635ed0e3f1dee3332d9eab8a08b3f04cd7ecd75
SHA512: 46ce4cde81607819e360b0efc424c4b5602c7515661a88e6a0d66cd9e88dcc68219f0a85200e6c40cc34bcac0e5ab652e6db4b4b1c1b913ad351061dae880e99
SSDEEP: 6144:vwLRSjIXAnZQel5w7T4P5Kq+SMv0VGb7bDcllbkuVB8:v/4AZrg7g9zVGkllbko
Behavioral task: behavioral1
Sample: Heart Sender V5.0.exe
Resource: win7-20230220-en
Malware Config
Extracted: quasar
reconnect_delay: 3000
Extracted: quasar
1.4.0.0
Office04
67.213.221.18:7812
KFoYp486ql6lO6U0qI
encryption_key: OtItMK9boIZNOQTejUzg
install_name: Windows Security.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Windows Update
subdirectory: Windows Services
Targets
Target: Heart Sender V5.0.exe
Score: 10/10
Quasar payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.