General
-
Target
3361ed274fea7ddc9fac547c14a73d2cdac5952a79d18877372f90bc133ed935
-
Size
1.4MB
-
Sample
230802-bvdc4scb29
-
MD5
b4a1c3d1779d06695a734eb06526c638
-
SHA1
ed4cde7780d079efe6c3b681db92aac3ac2b6eba
-
SHA256
3361ed274fea7ddc9fac547c14a73d2cdac5952a79d18877372f90bc133ed935
-
SHA512
e57e04dda493ee7ef2dc38f6b13a29f6ab79013c91266dc3b5053d3b3833a23670f7cce65cd8beb160943e65c25d31ad7d665bc56bb6b6c2e19a14fe384e44a1
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Static task
static1
Malware Config
Extracted
quasar
1.3.0.0
-
94.131.105.161:12344
QSR_MUTEX_UEgITWnMKnRP3EZFzK
-
encryption_key
5Q0JQBQQfAUHRJTcAIOF
-
install_name
lient.exe
-
log_directory
Lugs
-
reconnect_delay
3000
-
startup_key
itartup
-
subdirectory
SubDir
Targets
-
-
Target
3361ed274fea7ddc9fac547c14a73d2cdac5952a79d18877372f90bc133ed935
-
Size
1.4MB
-
MD5
b4a1c3d1779d06695a734eb06526c638
-
SHA1
ed4cde7780d079efe6c3b681db92aac3ac2b6eba
-
SHA256
3361ed274fea7ddc9fac547c14a73d2cdac5952a79d18877372f90bc133ed935
-
SHA512
e57e04dda493ee7ef2dc38f6b13a29f6ab79013c91266dc3b5053d3b3833a23670f7cce65cd8beb160943e65c25d31ad7d665bc56bb6b6c2e19a14fe384e44a1
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
-
Quasar payload
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-