General
-
Target
tmp
-
Size
13KB
-
Sample
230603-l5jb8agd82
-
MD5
391ba2756ec6942039c4ee86298ae17e
-
SHA1
273c86c5fe62e8bae1edc91c0e48acad8c69ffe5
-
SHA256
ba5a2409b8547d35233577a04c9a7dda6a40c29d7ced93361343815648a8cd4d
-
SHA512
9e9a4820cb9efc6506978d952bb38658bec6523842bf3470ceb1a3964b612fe181c9e13ae2a69f81b297225144ed76d5923aa5f57d3e130996fc09ab51bffe5d
-
SSDEEP
384:NrDBok9LvwWprNw9HzAHYPdnlAc4qfnPN:hBoYMz1Ac48P
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
cryptersandtools.ddns.com.br:5552
QSR_MUTEX_PV7LCoiUmiwD1RBPCq
-
encryption_key
2yfSzdUNgSe9EVCk7VEH
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
tmp
-
Size
13KB
-
MD5
391ba2756ec6942039c4ee86298ae17e
-
SHA1
273c86c5fe62e8bae1edc91c0e48acad8c69ffe5
-
SHA256
ba5a2409b8547d35233577a04c9a7dda6a40c29d7ced93361343815648a8cd4d
-
SHA512
9e9a4820cb9efc6506978d952bb38658bec6523842bf3470ceb1a3964b612fe181c9e13ae2a69f81b297225144ed76d5923aa5f57d3e130996fc09ab51bffe5d
-
SSDEEP
384:NrDBok9LvwWprNw9HzAHYPdnlAc4qfnPN:hBoYMz1Ac48P
-
Quasar payload
-
Suspicious use of SetThreadContext
-