General
-
Target
0x002000000000f683-57.dat
-
Size
289KB
-
Sample
230225-v3eexsdf7t
-
MD5
9ed927a589ceb0eb1cd72036f72b65ac
-
SHA1
b48d9257d0c902736c897a4d0cdf430939ff47af
-
SHA256
ed1545bda10c94c007b0d75b7895d10548fa096ba1b984b519737dfc6f307f3a
-
SHA512
282871bd88691162e3aaa5f679049e991ecc3ea605fcb8a63eac284f93e2c499a7a36bae26f584675de5601fc72710eb464068f4d258bf7184cb1da2fe573675
-
SSDEEP
6144:4RSjIXAnZQel5w7T4P5Kq+SMv0VGb7bDcllbkuVB:h4AZrg7g9zVGkllbko
Behavioral task
behavioral1
Sample
0x002000000000f683-57.exe
Resource
win7-20230220-en
Malware Config
Extracted
quasar
1.4.0.0
Office04
67.213.221.18:7812
KFoYp486ql6lO6U0qI
-
encryption_key
OtItMK9boIZNOQTejUzg
-
install_name
Windows Security.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Windows Update
-
subdirectory
Windows Services
Targets
-
-
Target
0x002000000000f683-57.dat
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-