General
-
Target
3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
-
Size
3.1MB
-
Sample
231107-lbxbzsfd24
-
MD5
7c286bfc44121880fd6f519cef8dbb76
-
SHA1
f63c551d27e7dcaa8391efb6efc8e3edbb5405de
-
SHA256
3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
-
SHA512
9c7ff4e205b75d6e342a26e1d35db0fcc5e1dd86ad61726606a4f8f3fceb749a175d4c93f12157182e26c798dc9faacb3787c79b61d90698d3589b049d2a8b55
-
SSDEEP
49152:GvXI22SsaNYfdPBldt698dBcjHU6DkE2Hsk/+FgoGdn+fTHHB72eh2NT:GvY22SsaNYfdPBldt6+dBcjHU6DJeu
Behavioral task
behavioral1
Sample
3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d.exe
Resource
win7-20231023-en
Malware Config
Extracted
quasar
1.4.1
Sys32
180.195.205.155:4782
cb2c21d0-caea-4e5b-aec0-8169b705d768
-
encryption_key
9A4F139DB2DACE4C19ACED3CE2C37A9E9F5329AA
-
install_name
Sys32.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
-
Size
3.1MB
-
MD5
7c286bfc44121880fd6f519cef8dbb76
-
SHA1
f63c551d27e7dcaa8391efb6efc8e3edbb5405de
-
SHA256
3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
-
SHA512
9c7ff4e205b75d6e342a26e1d35db0fcc5e1dd86ad61726606a4f8f3fceb749a175d4c93f12157182e26c798dc9faacb3787c79b61d90698d3589b049d2a8b55
-
SSDEEP
49152:GvXI22SsaNYfdPBldt698dBcjHU6DkE2Hsk/+FgoGdn+fTHHB72eh2NT:GvY22SsaNYfdPBldt6+dBcjHU6DJeu
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-