General
Target: dotNET_reactor.exe
Size: 1.5MB
Sample: 231008-aqzj4sbc59
MD5: 7f99586d030c79d0ca8bba0c2589a5ba
SHA1: 26adf5562bcca4557a29c798a409c721a51e3528
SHA256: 2a0324c1cb8517890533e3400c2ab4d758cc4a44cc95135d081e538453c8d977
SHA512: 5454a9003678fe48171c8f997328cf2796d309164d354a7a873545852bf9c16845579afbe29a0e4aa81023c70d2833443fa854985887b9efdc0fad574f63bd0e
SSDEEP: 24576:cGxDw6VZtjjYY6+1O0kTxY58oIe8t6W6r5jDpqiqIMQR23LTZv:zfVHh6ovkTxYMs9GiqIMQix
Static task: static1
Behavioral task: behavioral1
  Sample: dotNET_reactor.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: dotNET_reactor.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: $$$$
C2: amazonshipping.duckdns.org:3184
Mutex: 238fcca6-ae23-484b-82e4-5e1d37672924
Attributes:
  encryption_key: 15CB3BC7C96B95EC1FB1E6A2BB16B0B7BAEE8D08
  install_name: Client.exe
  log_directory: Logs
  reconnect_delay: 3000
  startup_key: svchost
  subdirectory: SubDir
Targets
Target: dotNET_reactor.exe
Size: 1.5MB (hashes identical to the General section above)
Score: 10/10
Signatures:
- Quasar payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application