General
-
Target
1a5afece6767acafd36f81957b09315e1d602275adeebc96271117fe9a816b24
-
Size
1.4MB
-
Sample
230801-z623lscd2v
-
MD5
bbaba20f017547877105ebe4ccc5188a
-
SHA1
f96e948fc0289df10caf3d33b719b511010b7a1c
-
SHA256
1a5afece6767acafd36f81957b09315e1d602275adeebc96271117fe9a816b24
-
SHA512
1444d5e4fe669c24c0d64d84a57179be86850174029ad6d67323c0858f8879d39789559f113563423beb259b8da9bbb03e21d508e283cc613df446be2c530bfc
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Static task
static1
Malware Config
Extracted
quasar
1.3.0.0
-
94.131.105.161:12344
QSR_MUTEX_UEgITWnMKnRP3EZFzK
-
encryption_key
5Q0JQBQQfAUHRJTcAIOF
-
install_name
lient.exe
-
log_directory
Lugs
-
reconnect_delay
3000
-
startup_key
itartup
-
subdirectory
SubDir
Targets
-
-
Target
1a5afece6767acafd36f81957b09315e1d602275adeebc96271117fe9a816b24
-
Size
1.4MB
-
MD5
bbaba20f017547877105ebe4ccc5188a
-
SHA1
f96e948fc0289df10caf3d33b719b511010b7a1c
-
SHA256
1a5afece6767acafd36f81957b09315e1d602275adeebc96271117fe9a816b24
-
SHA512
1444d5e4fe669c24c0d64d84a57179be86850174029ad6d67323c0858f8879d39789559f113563423beb259b8da9bbb03e21d508e283cc613df446be2c530bfc
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
-
Modifies WinLogon for persistence
-
Quasar payload
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1