General
-
Target
0x000600000001b030-21.dat
-
Size
3.1MB
-
Sample
231006-rt355sch9w
-
MD5
e59e289b47fee7506e2cc216378f3955
-
SHA1
0dc7ab970aac7e9348928415ee5bdae424415489
-
SHA256
6299e3156cc953585df57ec5f47b8674bee9598c479cd6096871126e2d4632cf
-
SHA512
0c0c815d387ee0edf5a2ac1323377b4f93a2d76a5061bbaa04cf3f41e4bb053440561608da9ace7387c3433b0ae1888fdbe724fc0840b38733a3dba462cb1cef
-
SSDEEP
49152:Dv+I22SsaNYfdPBldt698dBcjHnMOBqsarFUoGdkATHHB72eh2NT:Dvz22SsaNYfdPBldt6+dBcjHMoqc0
Behavioral task
behavioral1
Sample
0x000600000001b030-21.exe
Resource
win7-20230831-en
Malware Config
Extracted
quasar
1.4.1
Slave
fgudhiiugiufgifufgihdhuidfxgd.duckdns.org:4782
c01ef685-50b2-41b1-af94-aee5bc04e6fd
-
encryption_key
6550C5FD133683B3330870C778B7DB73E923F472
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
svchost
-
subdirectory
SubDir
Targets
-
-
Target
0x000600000001b030-21.dat
-
Size
3.1MB
-
MD5
e59e289b47fee7506e2cc216378f3955
-
SHA1
0dc7ab970aac7e9348928415ee5bdae424415489
-
SHA256
6299e3156cc953585df57ec5f47b8674bee9598c479cd6096871126e2d4632cf
-
SHA512
0c0c815d387ee0edf5a2ac1323377b4f93a2d76a5061bbaa04cf3f41e4bb053440561608da9ace7387c3433b0ae1888fdbe724fc0840b38733a3dba462cb1cef
-
SSDEEP
49152:Dv+I22SsaNYfdPBldt698dBcjHnMOBqsarFUoGdkATHHB72eh2NT:Dvz22SsaNYfdPBldt6+dBcjHMoqc0
-
Quasar payload
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-