General
Target: ad9918b49fa95dfe97c75e43e108213059e53dde22e8afb73e63d44eb0699e1c
Size: 478KB
Sample: 230811-d52vkacd8s
MD5: fc44d05db7c9bc9dcebef7e3a5b96d4c
SHA1: 59f021c6e90eda72da09f14339c6a18e0c95c052
SHA256: ad9918b49fa95dfe97c75e43e108213059e53dde22e8afb73e63d44eb0699e1c
SHA512: d070abeaf6a89c55461cc7ef46cdc6051733dd02cfc86d151cef27823d1a1429889cd84cb7b9a228ad7bf8104f6ce7984021d46848551eb481732cda933bfada
SSDEEP: 12288:IRdPFQ5NAb6jLjFQhdSf14ERIZWScCH9aQ8XEPtZ4R:IR05o6vE/ERLzoatXEPteR
Static task: static1
Behavioral task: behavioral1
Sample: ad9918b49fa95dfe97c75e43e108213059e53dde22e8afb73e63d44eb0699e1c.exe
Resource: win7-20230712-en
Malware Config
Extracted
quasar
1.4.1
spread
adequatelicensing.at:4040
d93e662e-a9de-4198-89ca-f18764fe29de
encryption_key: 36FFB0B8C391E84D40C64F776A2794BCA2549D86
install_name: Updater.exe
log_directory: Logs
reconnect_delay: 1000
startup_key: Java Update
subdirectory: Java
Targets
Target: ad9918b49fa95dfe97c75e43e108213059e53dde22e8afb73e63d44eb0699e1c
Size: 478KB
MD5: fc44d05db7c9bc9dcebef7e3a5b96d4c
SHA1: 59f021c6e90eda72da09f14339c6a18e0c95c052
SHA256: ad9918b49fa95dfe97c75e43e108213059e53dde22e8afb73e63d44eb0699e1c
SHA512: d070abeaf6a89c55461cc7ef46cdc6051733dd02cfc86d151cef27823d1a1429889cd84cb7b9a228ad7bf8104f6ce7984021d46848551eb481732cda933bfada
SSDEEP: 12288:IRdPFQ5NAb6jLjFQhdSf14ERIZWScCH9aQ8XEPtZ4R:IR05o6vE/ERLzoatXEPteR
- Quasar payload
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory