General
-
Target
bNcd.exe
-
Size
348KB
-
Sample
230531-qh7hrafe3t
-
MD5
327bb4dfec8cfc425678b2a9afc6d592
-
SHA1
da7e52a4666e8fb50f04453e2966954f2aeb9174
-
SHA256
575a2f0d48c457c8dcc8d5ef5a964adbb50b48c7dda5d35592e1db58f8401a98
-
SHA512
daeae0c7ddaf892576a0f7e51898c666dfa139ec37f311996ff57119b0a98e48bdd6e56e191ed40bc2882a77715845fe875ed0bd2fab16e805669055cd67f9c0
-
SSDEEP
6144:37qQ4i1FFiEK5zLuDl+BTlbRjlV4dFsiz7fKUB+q:rpliRySvIsi/fKUcq
Behavioral task
behavioral1
Sample
bNcd.exe
Resource
win7-20230220-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
cryptersandtools.ddns.com.br:5552
QSR_MUTEX_PV7LCoiUmiwD1RBPCq
-
encryption_key
2yfSzdUNgSe9EVCk7VEH
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
bNcd.exe
-
Size
348KB
-
MD5
327bb4dfec8cfc425678b2a9afc6d592
-
SHA1
da7e52a4666e8fb50f04453e2966954f2aeb9174
-
SHA256
575a2f0d48c457c8dcc8d5ef5a964adbb50b48c7dda5d35592e1db58f8401a98
-
SHA512
daeae0c7ddaf892576a0f7e51898c666dfa139ec37f311996ff57119b0a98e48bdd6e56e191ed40bc2882a77715845fe875ed0bd2fab16e805669055cd67f9c0
-
SSDEEP
6144:37qQ4i1FFiEK5zLuDl+BTlbRjlV4dFsiz7fKUB+q:rpliRySvIsi/fKUcq
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-