General
Target: d1c929278c8a9455e511c54af3fa83f0.bin
Size: 488KB
Sample: 230528-cc4m1sdh49
MD5: 714babb95b4192a1db18440a4e557eca
SHA1: 6a01288bb2fda6e7e64cdd8531d9cc1b76b8e9e4
SHA256: ab991f490e6b779f70f684ac6742c6ba25be045822695bfc02fa0dd1c6e423c2
SHA512: d0b70a2b96fba7f455a689c2e851e983451641d6aa03aaf8763241650724e710bb60ee9f97b3c7270e185907b63f7d60240ef8b3db168ed293584a3dbfe5f943
SSDEEP: 12288:+zThjUGPf+maBTIG/yzQm/P0cOS8JqEL5hBb3Y:eTBPf+RBUPzQYPEL5hBDY
Behavioral task: behavioral1
Sample: 11dbce37dfbc51c96c4f699c51e3c1bb7626cb7efcdbb9408cc500428a48827e.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 11dbce37dfbc51c96c4f699c51e3c1bb7626cb7efcdbb9408cc500428a48827e.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
quasar
2.7.0.0
Venom Client
markphoto.casacam.net:5000
JlYM51eW4iZoFyLa2X
encryption_key: Xs9khGbxnXFgwtiuru4Q
install_name: Venom.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Venom Client Startup
Targets
Target: 11dbce37dfbc51c96c4f699c51e3c1bb7626cb7efcdbb9408cc500428a48827e.exe
Size: 1.0MB
MD5: d1c929278c8a9455e511c54af3fa83f0
SHA1: d84ec50973b36bd214cd43ebb1baac6b2cdc8b83
SHA256: 11dbce37dfbc51c96c4f699c51e3c1bb7626cb7efcdbb9408cc500428a48827e
SHA512: b1aeff9ffc7a76d80ba6e3999ed2a47b10d42e9d2bbe690617b71d59762ba64040088dc5b18905634c59bfb84dd85023e8619303386877f5f71969eb21b9b8d8
SSDEEP: 24576:M+ynkc1ZzBvtrZHFjMKY2SrtxeloGEoUDwc81iwJZ:pynkc1ZzBvtrZHFjMKY2+xeloGEzDx8l
Score: 10/10
- Quasar payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.