General
Target: 82fbad856404c1e514dd5771957dd47359684caedb6aaa296d2ef3cdb95171d7
Size: 1.4MB
Sample: 230801-cwfqasdg7s
MD5: b7cf70d3f799eb0f6a3b2478560a3ffd
SHA1: 094c2f279aa76eadc3508d645cabd4d6da283464
SHA256: 82fbad856404c1e514dd5771957dd47359684caedb6aaa296d2ef3cdb95171d7
SHA512: 6f385e587cc351c6efccc11a6599aacc5c2ce88f4d365e1a2b1878f8b424245e963371b2e530d569e920517d1735569e882681a821782a0128dda359a8950910
SSDEEP: 24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Static task
static1

Malware Config
Extracted
Family: quasar
Version: 1.3.0.0
C2: 94.131.105.161:12344
Mutex: QSR_MUTEX_UEgITWnMKnRP3EZFzK
encryption_key: 5Q0JQBQQfAUHRJTcAIOF
install_name: lient.exe
log_directory: Lugs
reconnect_delay: 3000
startup_key: itartup
subdirectory: SubDir
Note: install_name, log_directory and startup_key are reproduced exactly as extracted. Each differs from the string one would expect in a Quasar build (Client.exe, Logs, Startup) by a single character at the start, so they may be decoding artefacts rather than the values the binary actually writes; treat the C2 address, the mutex name and the encryption_key as the more reliable indicators, and confirm the file-system and registry names from a dynamic run before using them for detection.
Targets
Target: 82fbad856404c1e514dd5771957dd47359684caedb6aaa296d2ef3cdb95171d7
Size: 1.4MB
MD5: b7cf70d3f799eb0f6a3b2478560a3ffd
SHA1: 094c2f279aa76eadc3508d645cabd4d6da283464
SHA256: 82fbad856404c1e514dd5771957dd47359684caedb6aaa296d2ef3cdb95171d7
SHA512: 6f385e587cc351c6efccc11a6599aacc5c2ce88f4d365e1a2b1878f8b424245e963371b2e530d569e920517d1735569e882681a821782a0128dda359a8950910
SSDEEP: 24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk

Signatures
Quasar payload
Modifies Windows Firewall
ACProtect 1.3x - 1.4x DLL software: detects a file packed with ACProtect.
Unexpected DNS network traffic destination: traffic on the DNS port to servers other than the configured DNS servers was detected.
Looks up external IP address via web service: uses a legitimate IP-lookup service to discover the infected system's external IP address.
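The extracted configuration and the sandbox signatures above translate directly into detection logic. The Python below is an added example, not part of the sandbox report and not Quasar's own code: it takes the C2 address and mutex name from the extracted config plus the behaviours the signatures describe (unexpected DNS destinations, external IP lookup, firewall modification) and runs them over constructed telemetry. The configured-resolver set, the IP-lookup watchlist, the netsh command pattern and every sample event are assumptions made for the example; the mutex prefix check relies only on Quasar's default QSR_MUTEX_ naming scheme.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Indicators copied from the extracted Quasar config on this page.
C2_HOST, C2_PORT = "94.131.105.161", 12344
MUTEX = "QSR_MUTEX_UEgITWnMKnRP3EZFzK"

# Quasar's default mutex scheme is the fixed prefix QSR_MUTEX_ followed by a
# random alphanumeric suffix; matching the prefix also catches other builds.
QUASAR_MUTEX_RE = re.compile(r"^QSR_MUTEX_[A-Za-z0-9]+$")

# Assumption: the resolvers this network is allowed to use.
CONFIGURED_DNS = frozenset({"10.0.0.53", "10.0.1.53"})

# Assumption: a small watchlist of public IP-lookup services; extend as needed.
IP_LOOKUP_HOSTS = frozenset(
    {"ip-api.com", "api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}
)

# Assumption: the firewall change is made through netsh, in either the legacy
# "firewall add allowedprogram" or the modern "advfirewall firewall add rule" form.
NETSH_FW_RE = re.compile(
    r"\bnetsh(?:\.exe)?\b.*\b(?:advfirewall\s+firewall\s+add\s+rule"
    r"|firewall\s+add\s+allowedprogram)\b",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    query: Optional[str] = None  # DNS query name when the flow is a DNS request


def check_flow(flow: Flow, dns_servers=CONFIGURED_DNS) -> list[str]:
    """Return the alert names a single network flow triggers."""
    alerts = []
    if flow.dst == C2_HOST and flow.dport == C2_PORT:
        alerts.append("quasar_c2_connection")
    if flow.dport == 53 and flow.dst not in dns_servers:
        alerts.append("unexpected_dns_destination")
    if flow.query and flow.query.lower().rstrip(".") in IP_LOOKUP_HOSTS:
        alerts.append("external_ip_lookup")
    return alerts


def check_mutex(name: str) -> Optional[str]:
    """Classify a mutex name seen in process telemetry."""
    if name == MUTEX:
        return "quasar_mutex_exact"
    if QUASAR_MUTEX_RE.match(name):
        return "quasar_mutex_family"
    return None


def check_cmdline(cmdline: str) -> Optional[str]:
    """Flag process command lines that add a firewall exception via netsh."""
    return "firewall_modification" if NETSH_FW_RE.search(cmdline) else None


# Constructed sample telemetry (not taken from the sandbox run).
SAMPLE_FLOWS = [
    Flow("10.0.5.7", "10.0.0.53", 53, query="example.com"),   # normal lookup
    Flow("10.0.5.7", "8.8.8.8", 53, query="ip-api.com"),      # wrong resolver + IP lookup
    Flow("10.0.5.7", "94.131.105.161", 12344),                # C2 from the extracted config
    Flow("10.0.5.7", "93.184.216.34", 443),                   # unrelated HTTPS
]
SAMPLE_MUTEXES = [
    "QSR_MUTEX_UEgITWnMKnRP3EZFzK",   # exact value from the config
    "QSR_MUTEX_abc123XYZ",            # another build, same scheme
    "Global\\SomeOtherMutex",
]
SAMPLE_CMDLINES = [
    # Constructed path built from the extracted subdirectory and install_name.
    'netsh firewall add allowedprogram "C:\\Users\\u\\AppData\\Roaming\\SubDir\\lient.exe" "lient.exe" ENABLE',
    "netsh interface show interface",
]


def run(flows=SAMPLE_FLOWS, mutexes=SAMPLE_MUTEXES, cmdlines=SAMPLE_CMDLINES) -> dict[str, int]:
    """Count alerts by name across all telemetry."""
    counts: dict[str, int] = {}

    def bump(alert: str) -> None:
        counts[alert] = counts.get(alert, 0) + 1

    for f in flows:
        for a in check_flow(f):
            bump(a)
    for m in mutexes:
        a = check_mutex(m)
        if a:
            bump(a)
    for c in cmdlines:
        a = check_cmdline(c)
        if a:
            bump(a)
    return counts


if __name__ == "__main__":
    for name, n in sorted(run().items()):
        print(f"{name}: {n}")
```

The exact-mutex and C2 checks are sample-specific and will go stale when the operator rebuilds; the prefix match, the resolver allow-list and the netsh pattern are the parts worth keeping in a production rule set.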