General
Target
https://download2302.mediafire.com/yjhq10ixpjfgzkkYQwgqQ6R6f2gWVP2WU0emUe_o0Wrbi1mZZNp60odGSSQPx7OLjXe9C_7Ob_0EUfihikfA27lh6arXNV8yu92S_gLV0S6Ipdso6CSbqB4KRIzxosSsGntJlTm3S1QNOX835qyCSyyx4QcyILuf7WdoCmdNw2fAsw/ncw1btoynpsezya/Remover.bat
Sample
230520-r8cxhafe3v
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://download2302.mediafire.com/yjhq10ixpjfgzkkYQwgqQ6R6f2gWVP2WU0emUe_o0Wrbi1mZZNp60odGSSQPx7OLjXe9C_7Ob_0EUfihikfA27lh6arXNV8yu92S_gLV0S6Ipdso6CSbqB4KRIzxosSsGntJlTm3S1QNOX835qyCSyyx4QcyILuf7WdoCmdNw2fAsw/ncw1btoynpsezya/Remover.bat
Resource
win10v2004-20230220-en
Malware Config
Extracted
quasar
1.4.1
Slave
5.180.180.66:4782
28d5f0ab-9c9d-4762-9e41-3c5ccbfcffae
encryption_key: 5484AD7AC17743300FB1AC39869E7C36DF7762A0
install_name: MicrosoftEdge.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Edge
subdirectory: Edge
Targets
Target
https://download2302.mediafire.com/yjhq10ixpjfgzkkYQwgqQ6R6f2gWVP2WU0emUe_o0Wrbi1mZZNp60odGSSQPx7OLjXe9C_7Ob_0EUfihikfA27lh6arXNV8yu92S_gLV0S6Ipdso6CSbqB4KRIzxosSsGntJlTm3S1QNOX835qyCSyyx4QcyILuf7WdoCmdNw2fAsw/ncw1btoynpsezya/Remover.bat
Score: 10/10
Quasar payload
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory