General
Target: NEAS.9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88exe_JC.exe
Size: 502KB
Sample: 231023-v9xvvabg2v
MD5: f4a3d9404ad522ec1b9bd8feb8dca3b5
SHA1: 33201170d62419689b5685b22325512c27ca16ab
SHA256: 9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88
SHA512: c593bab9c02e4a5a78d420710e422e8b562e2d2e040c745a75aac4a44695ec8d8e83ef999abd17fdd0db0e668a390d93f9d121446fb2f702d982e0bc8e04beea
SSDEEP: 6144:8zAOLe5C9/l3Iv3hlwJYrCp5+kP/af/9jwlYj4ixSP7PtcaZuSrg6n2i3UMyoQTk:8zxICbojRxEceusRn1EvQY
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88exe_JC.exe
Resource: win7-20231020-en
Malware Config
Extracted
quasar
1.4.0.0
Office
37.1.207.27:222
7xg1muSKali1I2y5IZ
encryption_key: KWyZntdiPrrGnzylskuR
install_name: csrss.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: NET framework
subdirectory: SubDir
Extracted
quasar
reconnect_delay: 3000
Targets
Target: NEAS.9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88exe_JC.exe
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-