General
- Target: Client-built.mp.exe
- Size: 100.0MB
- Sample: 230604-rhphlscd56
- MD5: 7fa51dbc125354cb761cffe80bb9197d
- SHA1: 9eaf112b2c1071c7cb47701f858db113197fc5c1
- SHA256: 101ca6d2527a7ccbbf730ecdf911bfb509a5705c75966f43b10fa7689b60306a
- SHA512: 130c355dfce059f0d0587fcee12afc2195ed7187c36fe254c99b451237b8266494972106b507cefc387a7a368644527a83dff66b6b70f41a83e62c85fa2f34d5
- SSDEEP: 24576:W/uKMSmNn4nLuM2iyASjiOv7Qb7m9Bn78Y6jXANKWIwk52CvSa4JVxx:W/SNH5KanyEkW
Behavioral task: behavioral1
- Sample: Client-built.mp.exe
- Resource: win7-20230220-en
Malware Config
Extracted
quasar
1.3.0.0
fbsystem
bobbawb1000.duckdns.org:23092
1285744062619928830
- encryption_key: DaKwT5hTDvGHU1fEyTZ3
- install_name: fbsystem.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: fbsystem
- subdirectory: fbsystem
Targets
- Target: Client-built.mp.exe
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.