General
Target: 669a4762ebbc01ff9465324a4d3e819d0eff2f66851c4beabbc526ded68f1714
Size: 1.4MB
Sample: 230801-dyx8ssch98
MD5: 295b10a4c8e2321fc2f4c94b3faf597d
SHA1: d7975938a4cec18fd115e1d67f30d0a3c7c0dd0a
SHA256: 669a4762ebbc01ff9465324a4d3e819d0eff2f66851c4beabbc526ded68f1714
SHA512: 80286405637ede472d27f4123c629c0c17d8ff376a96592c153e679d06fade01a6757ce1baca9a2c9358b1c7e2dd1aee835817d5d9291b65eb8c86a83ccf9b79
SSDEEP: 24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Static task: static1
Malware Config
Extracted
family: quasar
version: 1.3.0.0
c2: 94.131.105.161:12344
mutex: QSR_MUTEX_UEgITWnMKnRP3EZFzK
encryption_key: 5Q0JQBQQfAUHRJTcAIOF
install_name: lient.exe
log_directory: Lugs
reconnect_delay: 3000 (ms)
startup_key: itartup
subdirectory: SubDir
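An extracted config is only useful once its fields are checked and turned into indicators. The following is an added example (not part of the report, and not Quasar or sandbox code): it parses the report's fields as "key: value" lines, checks that the hashes have the right length and that Target equals SHA256, sanity-checks the mutex shape and the C2 address, and emits a Suricata rule for the C2 plus a JSON indicator set. The embedded input text is the report's values re-typed; the Suricata sid and the JSON layout are this example's own choices.

```python
"""Turn an extracted Quasar config into checked, machine-usable IOCs.

Added example; it is not part of the sandbox report. The input is the
report's extracted config and hashes re-typed as "key: value" lines. The
Suricata rule text is standard syntax; the sid and the JSON layout are this
example's own choices.
"""
import ipaddress
import json
import re

# Constructed from the values shown in the report (sample 230801-dyx8ssch98).
REPORT_TEXT = """\
target: 669a4762ebbc01ff9465324a4d3e819d0eff2f66851c4beabbc526ded68f1714
md5: 295b10a4c8e2321fc2f4c94b3faf597d
sha1: d7975938a4cec18fd115e1d67f30d0a3c7c0dd0a
sha256: 669a4762ebbc01ff9465324a4d3e819d0eff2f66851c4beabbc526ded68f1714
family: quasar
version: 1.3.0.0
c2: 94.131.105.161:12344
mutex: QSR_MUTEX_UEgITWnMKnRP3EZFzK
encryption_key: 5Q0JQBQQfAUHRJTcAIOF
install_name: lient.exe
log_directory: Lugs
reconnect_delay: 3000
startup_key: itartup
subdirectory: SubDir
"""

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Quasar's builder prefixes the mutex with "QSR_MUTEX_" and fills the rest with
# random alphanumerics; the operator can edit it, so only the shape is checked.
MUTEX_RE = re.compile(r"^QSR_MUTEX_[A-Za-z0-9]+$")


def parse_report(text):
    """Parse "key: value" lines. The split is on the first ': ' so that
    values such as ip:port or an ssdeep hash keep their own colons."""
    cfg = {}
    for line in text.splitlines():
        if ": " not in line:
            continue
        key, value = line.split(": ", 1)
        cfg[key.strip().lower()] = value.strip()
    return cfg


def c2_parts(cfg):
    host, _, port = cfg.get("c2", "").rpartition(":")
    return host, int(port)


def validate(cfg):
    """Return a list of problems; an empty list means the fields are consistent."""
    problems = []
    for algo, n in HEX_LEN.items():
        if algo in cfg and not re.fullmatch(rf"[0-9a-f]{{{n}}}", cfg[algo]):
            problems.append(f"{algo} is not {n} lowercase hex characters")
    if "target" in cfg and cfg["target"] != cfg.get("sha256"):
        problems.append("target does not match sha256")
    if not MUTEX_RE.match(cfg.get("mutex", "")):
        problems.append("mutex does not look like a Quasar mutex")
    try:
        host, port = c2_parts(cfg)
        ipaddress.ip_address(host)
        if not 0 < port < 65536:
            raise ValueError
    except ValueError:
        problems.append("c2 is not ip:port")
    return problems


def suricata_rule(cfg, sid=9000001):
    """Alert on any outbound TCP connection to the configured C2 endpoint."""
    host, port = c2_parts(cfg)
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"Quasar RAT {cfg["version"]} C2 connection"; flow:to_server; '
        f'reference:md5,{cfg["md5"]}; classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


def iocs(cfg):
    """Indicator set suitable for sharing or loading into a threat-intel platform."""
    host, port = c2_parts(cfg)
    return {
        "family": cfg["family"],
        "version": cfg["version"],
        "hashes": {a: cfg[a] for a in HEX_LEN if a in cfg},
        "network": [{"ip": host, "port": port, "proto": "tcp"}],
        "host": {
            "mutex": cfg["mutex"],
            # Taken verbatim from the extracted config; the install name,
            # log directory and startup key are operator-chosen strings.
            "install_name": cfg["install_name"],
            "log_directory": cfg["log_directory"],
            "startup_key": cfg["startup_key"],
            "subdirectory": cfg["subdirectory"],
        },
    }


if __name__ == "__main__":
    cfg = parse_report(REPORT_TEXT)
    for problem in validate(cfg):
        print("WARN:", problem)
    print(suricata_rule(cfg))
    print(json.dumps(iocs(cfg), indent=2))
```

The mutex and the install, log and startup strings are host indicators for memory scans and endpoint telemetry; they are not reliable static signatures for the file itself, since a Quasar build stores its settings encrypted and the values on the page are whatever the operator typed into the builder.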
Targets
Target: 669a4762ebbc01ff9465324a4d3e819d0eff2f66851c4beabbc526ded68f1714
Size: 1.4MB
MD5: 295b10a4c8e2321fc2f4c94b3faf597d
SHA1: d7975938a4cec18fd115e1d67f30d0a3c7c0dd0a
SHA256: 669a4762ebbc01ff9465324a4d3e819d0eff2f66851c4beabbc526ded68f1714
SHA512: 80286405637ede472d27f4123c629c0c17d8ff376a96592c153e679d06fade01a6757ce1baca9a2c9358b1c7e2dd1aee835817d5d9291b65eb8c86a83ccf9b79
SSDEEP: 24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
- Quasar payload
- Modifies Windows Firewall
- ACProtect 1.3x - 1.4x DLL software: detects a file using ACProtect software.
- Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
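The detection logic behind the "Unexpected DNS network traffic destination" signature, written out as an added example (not the sandbox's own code): it groups port-53 flows whose destination is not one of the configured resolvers, and rates traffic to a well-known public resolver (usually a misconfiguration or a hard-coded fallback) lower than traffic to an arbitrary host, which is the pattern DNS tunnelling or a resolver-bypassing implant produces. The resolver list, the public-resolver set and the flow records are constructed for the example; the C2 address in the records is the one from the extracted config above.

```python
"""Flag DNS-port traffic that bypasses the configured resolvers.

Added example for the "Unexpected DNS network traffic destination" signature;
it is not the sandbox's own detection code. The resolver list and the flow
records are constructed here.
"""
from collections import defaultdict

# Constructed: the resolvers the monitored host is configured to use.
CONFIGURED_DNS = {"10.0.0.2"}

# Partial list of well-known public resolvers, used only to lower the
# severity of traffic that is more likely a hard-coded resolver than a
# covert channel.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Constructed flow records: (proto, src_ip, dst_ip, dst_port, bytes_out).
FLOWS = [
    ("udp", "10.0.0.15", "10.0.0.2", 53, 78),             # normal lookup
    ("udp", "10.0.0.15", "10.0.0.2", 53, 81),
    ("udp", "10.0.0.15", "8.8.8.8", 53, 77),              # bypasses the local resolver
    ("tcp", "10.0.0.15", "94.131.105.161", 12344, 1420),  # the sample's C2 port; not DNS
    ("udp", "10.0.0.15", "198.51.100.7", 53, 512),        # port 53 to an arbitrary host
    ("udp", "10.0.0.15", "198.51.100.7", 53, 498),
    ("tcp", "10.0.0.15", "10.0.0.2", 853, 300),           # DoT: invisible to a port-53 check
]


def unexpected_dns(flows, configured=CONFIGURED_DNS, public=PUBLIC_RESOLVERS):
    """Group port-53 flows whose destination is not a configured resolver.

    Returns one finding per (src, dst, proto) with flow and byte counts, so
    the analyst can tell a single misdirected query from sustained traffic
    that may be DNS tunnelling.
    """
    groups = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for proto, src, dst, dport, nbytes in flows:
        if dport != 53 or dst in configured:
            continue
        g = groups[(src, dst, proto)]
        g["flows"] += 1
        g["bytes"] += nbytes

    findings = []
    for (src, dst, proto), g in sorted(groups.items()):
        findings.append({
            "src": src, "dst": dst, "proto": proto,
            "flows": g["flows"], "bytes": g["bytes"],
            # A public resolver is usually a misconfiguration or a hard-coded
            # fallback; an arbitrary host on port 53 deserves a closer look.
            "severity": "low" if dst in public else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in unexpected_dns(FLOWS):
        print(finding)
```

A hit is a hunting lead, not a verdict: many legitimate programs hard-code a public resolver, and the check sees nothing of DNS over TLS (853) or DNS over HTTPS (443), so pair it with a resolver-only egress policy at the firewall and review the medium-severity destinations first.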