General
Target: bf7060399edb1fdaa34ade7888c1e686.bin
Size: 1.1MB
Sample: 230819-cjr8kaha9z
MD5: 49b9a64c3b3cc87205960b56f5ecf6b9
SHA1: 5b9507942adcc654cd14eaace6baa3453594ea9b
SHA256: 6a8503c3d4686b5fbcc2459f2a176c485825fbdb80a2666fa722be425e5cb58c
SHA512: 30465681dbd7011ac162c671f0333f16136216e9968b07b6dbec99f02da9099d7abb0ca311c30bfe5041cd4a90fc974fc14e4ed93a7c43ca1d491f2e0c40035c
SSDEEP: 24576:N49I5P397bn5vLXxgt4le7VybWJEDXlCUfjU/lC/B/Ksyue+FSWGxNelRxby:N4S5P3VpOt4wEDVFM4/BZtF071
Static task: static1
Behavioral task: behavioral1
Sample: 2487094834dfcab7a6c088a1b19188ac66390eb688eb1f8ae290c9cc93b533e6.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 2487094834dfcab7a6c088a1b19188ac66390eb688eb1f8ae290c9cc93b533e6.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
Family: quasar
Version: 1.3.0.0
C2: 94.131.105.161:12344
Mutex: QSR_MUTEX_UEgITWnMKnRP3EZFzK
encryption_key: 5Q0JQBQQfAUHRJTcAIOF
install_name: lient.exe
log_directory: Lugs
reconnect_delay: 3000
startup_key: itartup
subdirectory: SubDir
Targets
Target: 2487094834dfcab7a6c088a1b19188ac66390eb688eb1f8ae290c9cc93b533e6.exe
Size: 1.4MB
MD5: bf7060399edb1fdaa34ade7888c1e686
SHA1: b4127129516d2d3b32db97bdbb667dffaec1c9bc
SHA256: 2487094834dfcab7a6c088a1b19188ac66390eb688eb1f8ae290c9cc93b533e6
SHA512: b0a02e9bf30e47ad61cbb2cc4eb73423fc3293387cdac29bcefff8abf5041e2501384917da813b541d70ff035b05ff792c05eef980f5397add95e8b435080da5
SSDEEP: 24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
- Modifies WinLogon for persistence
- Quasar payload
- Modifies Windows Firewall
- ACProtect 1.3x - 1.4x DLL software: detects a file packed with ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)