General
-
Target
327bb4dfec8cfc425678b2a9afc6d592.bin
-
Size
180KB
-
Sample
230602-brzf6shf5w
-
MD5
e1ebd6638e20dac8f278c790a3ec080b
-
SHA1
92733d8de1a73e6bfa4500b14e4d67e250f277b3
-
SHA256
18a1c49e27acacb0379943c4c56dc0ebd37d7da351360435b6e94d14dc57cfee
-
SHA512
44f99645c55540b4d3beffd42b3415b30c755edb68bf210ab069ee3d4cf86729aa6b91a268d9519ece2bdc8e04fcb11b91e8e45d0feb624e288becb198a5f6c2
-
SSDEEP
3072:JEFoct+MX2G13vYf2vZaDDlfuFEdPLw6Wp9aROMeJMGxm4BdlOrhp:9BMG/2hWlWFaPLBROMWxLlO
Behavioral task
behavioral1
Sample
575a2f0d48c457c8dcc8d5ef5a964adbb50b48c7dda5d35592e1db58f8401a98.exe
Resource
win7-20230220-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
cryptersandtools.ddns.com.br:5552
QSR_MUTEX_PV7LCoiUmiwD1RBPCq
-
encryption_key
2yfSzdUNgSe9EVCk7VEH
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
575a2f0d48c457c8dcc8d5ef5a964adbb50b48c7dda5d35592e1db58f8401a98.exe
-
Size
348KB
-
MD5
327bb4dfec8cfc425678b2a9afc6d592
-
SHA1
da7e52a4666e8fb50f04453e2966954f2aeb9174
-
SHA256
575a2f0d48c457c8dcc8d5ef5a964adbb50b48c7dda5d35592e1db58f8401a98
-
SHA512
daeae0c7ddaf892576a0f7e51898c666dfa139ec37f311996ff57119b0a98e48bdd6e56e191ed40bc2882a77715845fe875ed0bd2fab16e805669055cd67f9c0
-
SSDEEP
6144:37qQ4i1FFiEK5zLuDl+BTlbRjlV4dFsiz7fKUB+q:rpliRySvIsi/fKUcq
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-