General
Target: 7a98ca652a682ae96bc3f9ac6d554d82.bin
Size: 488KB
Sample: 230528-byfbwadg75
MD5: fb8f7264ab9fcf4ca72ece72604f49fe
SHA1: 9e7b3a4fb41bfc8067e25be0e50bd24bc2db6943
SHA256: 1e2ca810cc9233dc0350cafb6d52f0a9e5ccafe1b3b8c9d3f70ca406be970566
SHA512: 65e343a202259258119152903418aca362bc367acea2791372c7fce433e559dfb829c40a057f1e7eae750e96786daee061db8176ba3511b2abcc39dc38213bc8
SSDEEP: 6144:4ODuQ1xDSfFIIfghqa/EJVDj0mzr/mykSooZ3mRiV6sIcCHVizF0duoSmPn:jDuCx2FIIYMayD3uyV3NkcC1aF0d1S2n
Behavioral task: behavioral1
Sample: d79a203caba18b6e1190b0022296d56f96253d4fb39b96aaaeaaa02241f28b16.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: d79a203caba18b6e1190b0022296d56f96253d4fb39b96aaaeaaa02241f28b16.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: quasar
Version: 2.7.0.0
Venom Client
C2: markphoto.casacam.net:5000
JlYM51eW4iZoFyLa2X
encryption_key: BL7lZzIkUckEp2RCh8Q6
install_name: Venom.exe
log_directory: Logs
reconnect_delay: 3000 (milliseconds)
startup_key: Venom Client Startup
Targets
Target: d79a203caba18b6e1190b0022296d56f96253d4fb39b96aaaeaaa02241f28b16.exe
Size: 1.0MB
MD5: 7a98ca652a682ae96bc3f9ac6d554d82
SHA1: dbb6b1d490b64e9b1260d0ad55cd2fe1d776586f
SHA256: d79a203caba18b6e1190b0022296d56f96253d4fb39b96aaaeaaa02241f28b16
SHA512: 6fd10b572f7c39fc2b33d57957f1c36102da158a22a5b4d855736dd5ed92a3ba5d945662d11ad2b69f845f16c48a9875258fa2cdc80089cd5863c7980d21ce9f
SSDEEP: 24576:t+ynkc1ZzBvtrZHFjMKY2naU8elKA9eaZYZg+ryTh:4ynkc1ZzBvtrZHFjMKY2nb8elKAgaZXN
Score: 10/10
- Quasar payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
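The extracted config and the signatures above give enough to hunt for this build on an endpoint: the Run-key value name (startup_key), the dropped binary name (install_name) and the C2 host. The following is an added example, not part of the sandbox report or of Quasar itself. It assumes Sysmon-style field names (EventType, TargetObject, Details, Image, DestinationHostname, DestinationPort); the events, user paths and SIDs in it are constructed for the demonstration.

```python
"""Hunting checks built from the Quasar/Venom config extracted above.

Added example, not part of the sandbox report. Event records use Sysmon-style
field names; the events, user paths and SIDs below are constructed.
"""
import ntpath
import re

# Indicators copied from the extracted config on this page.
C2_HOST = "markphoto.casacam.net"
C2_PORT = 5000
INSTALL_NAME = "Venom.exe"
STARTUP_KEY = "Venom Client Startup"

# "...\Microsoft\Windows\CurrentVersion\Run\<value name>" under any hive (HKLM/HKU/HKCU).
RUN_VALUE_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run\\(?P<name>[^\\]+)$", re.IGNORECASE
)


def match_run_key(event):
    """Run-key value whose name is the configured startup_key, or whose data
    points at the configured install_name (catches a renamed value name)."""
    if event.get("EventType") != "SetValue":
        return False
    m = RUN_VALUE_RE.search(event.get("TargetObject", ""))
    if not m:
        return False
    name_hit = m.group("name").lower() == STARTUP_KEY.lower()
    data_hit = INSTALL_NAME.lower() in event.get("Details", "").lower()
    return name_hit or data_hit


def match_install_name(event):
    """Process image whose basename is the configured install_name."""
    image = event.get("Image", "")
    return bool(image) and ntpath.basename(image).lower() == INSTALL_NAME.lower()


def match_c2(event, require_port=False):
    """Outbound connection to the configured C2 host. The hostname alone is
    enough to fire; require_port=True also demands the configured port, which
    is stricter but misses an operator who moves the listener to another port."""
    host = event.get("DestinationHostname", "").lower().rstrip(".")
    if host != C2_HOST:
        return False
    if not require_port:
        return True
    return str(event.get("DestinationPort", "")) == str(C2_PORT)


RULES = {
    "run_key_startup": match_run_key,
    "install_name_exec": match_install_name,
    "c2_connection": match_c2,
}


def hunt(events):
    """Map each rule name to the indexes of the events it matched."""
    hits = {}
    for idx, event in enumerate(events):
        for name, rule in RULES.items():
            if rule(event):
                hits.setdefault(name, []).append(idx)
    return hits


# Constructed Sysmon-like events: three that should match, three benign ones.
SAMPLE_EVENTS = [
    {"EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Venom Client Startup",
     "Details": r'"C:\Users\user\AppData\Roaming\Venom.exe"'},
    {"EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    {"Image": r"C:\Users\user\AppData\Roaming\Venom.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\explorer.exe"},
    {"DestinationHostname": "markphoto.casacam.net", "DestinationPort": "5000"},
    {"DestinationHostname": "www.example.com", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for rule, idxs in hunt(SAMPLE_EVENTS).items():
        print(f"{rule}: events {idxs}")
```

Matching on the Run-key value name and the install name catches this particular build; the C2 hostname is the indicator that survives a rebuild with a different startup_key, so it is the one worth pushing to DNS and proxy logs as well as endpoint telemetry.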