General
-
Target
c457681513ecad761f8235e40c755c4b2df1be62d17cb110fde1e4a6adde8524
-
Size
1.4MB
-
Sample
230801-dz113sda25
-
MD5
5e597662e141d3d761f74e2d06500b32
-
SHA1
c2c1fd371bd3a3ea0e6b5aa23f5191d647969d81
-
SHA256
c457681513ecad761f8235e40c755c4b2df1be62d17cb110fde1e4a6adde8524
-
SHA512
67390d1fb61b567280930f80b36a5b7ab9291e13d45277dd2c687f535deb93d56e29d20c3f24533b3923398730a2845baf5762051d675572c9a48a6288c008c3
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Static task
static1
Malware Config
Extracted
quasar
1.3.0.0
-
94.131.105.161:12344
QSR_MUTEX_UEgITWnMKnRP3EZFzK
-
encryption_key
5Q0JQBQQfAUHRJTcAIOF
-
install_name
lient.exe
-
log_directory
Lugs
-
reconnect_delay
3000
-
startup_key
itartup
-
subdirectory
SubDir
Targets
-
-
Target
c457681513ecad761f8235e40c755c4b2df1be62d17cb110fde1e4a6adde8524
-
Quasar payload
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-