General
Target: Client-built.exe
Size: 297KB
Sample: 230608-q3vppafg65
MD5: 93f801058bb061be32af8c525baea538
SHA1: b2351a923fb9cdaa8e99028dcb923bcbfbe3310f
SHA256: aa2d99486c626b387ecc3878f14c7ae474b0f11baa16ba5099bfcbc8f91769e7
SHA512: 61cb9175c8842faf107f8794f312173bba25f3371549b10751f36d23ab56690924a473d5f5b91f778256be1c2e86db61956ee6f0e6c50a178b157e5393c31c73
SSDEEP: 6144:OOiBrrr6ddrSm3+Nw+v/i7bbD/TVz/SnawT:4BruhOni7DBz/SnawT

Behavioral task: behavioral1
Sample: Client-built.exe
Resource: win7-20230220-en

Malware Config
Extracted
Family: quasar
Version: 1.3.0.0
fbsystem
5.tcp.eu.ngrok.io:12819
1285744062619928830
encryption_key: QntjD0xW34hYkmLnJhDR
install_name: fbsystem.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: fbsystem
subdirectory: fbsystem
Targets
Target: Client-built.exe
Size: 297KB
Quasar payload
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.