General
-
Target
4545.dll
-
Size
627KB
-
Sample
230821-prkjxacg64
-
MD5
86efe486dedbca08d9ce8a0b4156b75b
-
SHA1
4f977cef5183e3d325cd8f9bb245b7de0f288256
-
SHA256
9b85fbfa3892a7a6deffba5d5bc5dd9c35ac6cb97a631752142faa0839423186
-
SHA512
56ba499f7e9dddccb029337048713171bc47f9055de68bb4a734a617fc12bf1870326ab97c3838e6c16e809d1c38326a57585469f40843e6ed54d92b5f1cca76
-
SSDEEP
12288:2TrZPDCk8aIcpSUM8IbLnFEeVJGAuG/g1ms5ULR:Ekk8av9IXFZoA9ghG
Static task
static1
Malware Config
Extracted
quasar
1.4.0.0
tt
139.99.32.95:8888
HppI5biWMFuomgcjmz
-
encryption_key
nzQ60hZEAGD2pwynMrhx
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
4545.dll
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-