General
Target: c0008144ddbf580b5aa762cdc847c84ea6222f9b47543c17ddb90d86cd7fd0caexe_JC.exe
Size: 877KB
Sample: 230811-rq2g5sfe2s
MD5: d0c51c2447ac3268679d6ca5605404ad
SHA1: c1bf165a82ec1d94e6773dc27b2432967baa7814
SHA256: c0008144ddbf580b5aa762cdc847c84ea6222f9b47543c17ddb90d86cd7fd0ca
SHA512: f7e9a7c31673b49ef36c92a90c75f4fc71f7c17234ab5d3efd4c3b9e42a2c3eaa9acc875e538c6804a96eddaa150e67e5eff4d7aa8cbdc706debffcb1a3f33c0
SSDEEP: 12288:aNO/e60FFubX3wASUKS/11/cy6muQSo0aENJmTm3k35OjJd+pmzsu8C/V16r9cF:7aKjg5Uvgqu5XlQZpOTtN1I9a
Static task: static1
Behavioral task: behavioral1
  Sample: c0008144ddbf580b5aa762cdc847c84ea6222f9b47543c17ddb90d86cd7fd0caexe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: c0008144ddbf580b5aa762cdc847c84ea6222f9b47543c17ddb90d86cd7fd0caexe_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
Family: quasar
Version: 1.4.0
Botnet: KGB
C2: atomic.opdailyallowance.top:6980
Mutex: 3fe32e20-cb27-442c-ae9e-b10263926188
encryption_key: 77D64A9E7D6F983A450481EF78D99F3A6B8A5925
install_name: Chrome.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Chrome
subdirectory: ChromeUpdate
Targets
Target: c0008144ddbf580b5aa762cdc847c84ea6222f9b47543c17ddb90d86cd7fd0caexe_JC.exe
Score: 10/10
Signatures:
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext