General
Target: da0302e0803f64dcdb60454a87f9bf78.exe
Size: 528KB
Sample: 230614-pvp9kaha59
MD5: da0302e0803f64dcdb60454a87f9bf78
SHA1: 243a5df7c15062adeb9a6a4c009b2813d91ca2e7
SHA256: d5872aec821628ddcdf5276cc043041713dbbf44aeeb34e70158f176613887ec
SHA512: fc253e2b891429d7e7893a0bc7b53d0e6cb7dd8f925a68c2781c2c1e110080c8c496c8fe511476e291df63ed8ff0a1055781ca764edba504e0bc48048faa9653
SSDEEP: 12288:M6kit4htKxmmnYZ3oHp5EAUVb8k7BsSJMSA5O71:M6kJtE75XzWQk7BsTN
Static task: static1
Behavioral task: behavioral1
Sample: da0302e0803f64dcdb60454a87f9bf78.exe
Resource: win7-20230220-en
Malware Config
Extracted
quasar
1.4.0
newcrypt
103.136.199.131:4782
158.247.227.231:4782
973aa178-3f17-48ed-b33e-52dd11425768
encryption_key: 3E9E141AD83C5BD6CE91880C0E256E15401EC674
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Google Chrome Updater
subdirectory: SubDir
Targets
Target: da0302e0803f64dcdb60454a87f9bf78.exe
Quasar payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext