General
Target: readme.txt
Size: 883B
Sample: 230530-vtdr2abc4v
MD5: f32dc53dea22ab780d87dbe53ecc85f4
SHA1: a3a57d0730c880a3e72371d15e5e8a96d71c2c1e
SHA256: 0865fcaaffbee526ecc6c62d837a7684b63c55ecc940887ec88c617836b83a40
SHA512: bd3308edc436226e5e746d5e2cba7b716b92af6b67f7fdc2830d322e6a189ee4d914e24616af46168e3e5e42442df10e9e28d44374c80107de5c0b4988159886
Static task: static1
Behavioral task: behavioral1
Sample: readme.txt
Resource: win7-20230220-en
Malware Config
Extracted
quasar
encryption_key: 428B8BF995C1D5153E40DED9D607521359BB4C60
reconnect_delay: 3000
subdirectory: (
Targets
Target: readme.txt
- Quasar payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE