General
-
Target
fe49b015a16da43e5df8d028f5313f0bd4063014c1f687ebd14300805b921113
-
Size
1.4MB
-
Sample
230801-dfzznscg93
-
MD5
2f07cbf4c078c51444d8aac2e7e38782
-
SHA1
dd4cb5076ad8317939191404bb2e8856c950a13e
-
SHA256
fe49b015a16da43e5df8d028f5313f0bd4063014c1f687ebd14300805b921113
-
SHA512
af1008cf4a3f5dab47d2b776b39923bd27d7b22bd06d4711e5441d3560a103c6e513fb703ad4904aa3d3d8634c0b0f9f78c2111c47b06a399e1e7e0c24e88b3d
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Static task
static1
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Targets
-
Quasar payload
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-