General
-
Target
a84e026ecca48ed97df640bb5b68e980.bin
-
Size
180KB
-
Sample
230528-b6m2padh24
-
MD5
dcbb9541d0bc014745efb844cbbd3da8
-
SHA1
ec2a0c94e8a31a30bf9a37880ccf33874f11c03d
-
SHA256
de461824c1fa59cbf7d176ea8861fd8ccf940c0dd64e2ee778db4323c4b331fe
-
SHA512
6228b0eff5bc3367bf4efb3ee0fdcde8f43408628eb4a26007555c44199d11bc81ba03f780b23f71648fcd28d454fb81bc14342213b6cd34620e70a74dca6b44
-
SSDEEP
3072:39lczVUeTIt/EYSUaIRHAjcywdxfeRyg6APrfVgKRQg0NuRfGCTl5Hy7W6:8VHUUkAneBgZpQwRfG4PyT
Behavioral task
behavioral1
Sample
90c5baa1030eb91bb5f870eb75e48fe3187d41c938527695ae59bdc6fb6bd3ba.exe
Resource
win7-20230220-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
cryptersandtools.ddns.com.br:5552
QSR_MUTEX_PV7LCoiUmiwD1RBPCq
-
encryption_key
Vw2ej5yeMh01Kv7liiDf
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
90c5baa1030eb91bb5f870eb75e48fe3187d41c938527695ae59bdc6fb6bd3ba.exe
-
Size
348KB
-
MD5
a84e026ecca48ed97df640bb5b68e980
-
SHA1
c7a8291fa7b7fd6ed7c633e95b6c48d646acfc6d
-
SHA256
90c5baa1030eb91bb5f870eb75e48fe3187d41c938527695ae59bdc6fb6bd3ba
-
SHA512
57c92c32df21dfc9346446ee4146da01e2fd52101f5fab1f24364addbc8bb3846b9f2fecc7b5f2c8fee5301be8b0af833a9d6b43f5ae73d55201167be4ef61c0
-
SSDEEP
6144:P7qQ4i1FFiEKrmVxmg1TnE0DaGbdRly/9LxcGBFGbVzS:jpli8xx1Q9tLxdBERzS
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-