General
-
Target
Client.exe
-
Size
3.1MB
-
Sample
230731-bkb3asca49
-
MD5
d4e19c7f48db1703b342222223963b31
-
SHA1
b5017897555d0cceb0a60b9b09a68580d8e7657a
-
SHA256
629d5530f275916f11c4d7c3cca65e7b456544241dc9c89990feaddcc43860d4
-
SHA512
39a4f02df0e711bb1c5eb478dacbc62ec3ffe7302b8adcfcd72c44563dc2e2e1da0a5157d441ff5bc485809b13510b4fb0ea82c711ae228f71cf233586988eaf
-
SSDEEP
49152:jvdG42pda6D+/PjlLOlg6yQipVRC01JSLoGdoqTHHB72eh2NT:jv042pda6D+/PjlLOlZyQipVRCP
Behavioral task
behavioral1
Sample
Client.exe
Resource
win7-20230712-en
Malware Config
Extracted
quasar
1.4.1
Infected
192.168.1.1:4782
192.168.1.66:4782
dark-crystal.at.ply.gg:4782
ff410ede-beff-4970-8e12-7d251057f1fd
-
encryption_key
1B172706DED462B59F2A5056AB06A8DD1EE8491B
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client.exe
-
Quasar payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-