General
-
Target
SMTPCracker.rar
-
Size
10.7MB
-
Sample
231114-j7s84aab33
-
MD5
f1b8bcdbf2fd63aad4121fae7b049872
-
SHA1
72219cf16082b797258b4efb9fee09033c2985fb
-
SHA256
276651f7dd96609c1bb4ec9941cd393f21ca1669a95613e528391f6c5f714a98
-
SHA512
aff7fac8d3b1b2ed5a62349bbc839186cc5ee8e5d7a278c5b2fbfc312ec541408e580ef30c79fe8a5cc15a7b74105c414c1b5c93e0420e52d82bff2d9f0463aa
-
SSDEEP
196608:JwJAPeBFdxEW7waicbfenrA975I6SX9F7Q9IlV0QGQUwvBgu+9f33g8FhbWc562v:JJe73x7waiFA55I6S7QGfGQUM69f3RFD
Static task
static1
Behavioral task
behavioral1
Sample
SMTPCracker.exe
Resource
win7-20231023-en
Malware Config
Extracted
quasar
1.4.0.0
Office04
185.238.3.205:6669
FZ9tFtIMY3x5Jj5ovh
-
encryption_key
1HbcTxYxyoztsN63DXRU
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
SMTPCracker.exe
-
Size
10.7MB
-
MD5
d64f2b546eb53c239d4c00d60afce47a
-
SHA1
b6f8c4de9ee7805d2a4d4f132224a027665b327b
-
SHA256
32dff5051bc3dcce646f397a3691c1dea13181c57c5d6d5d33d854bbfc23db38
-
SHA512
0eeaa7379795c38c6b928a6bbc1b9d0d9b4c33383cdad5edf26d813b9294998bc7720c3360239c3dd79b880820785f3e7ceaca3079d4c776a685e453a667018e
-
SSDEEP
196608:sXaWLQDnwZsupqDA1jV19v7+dPB68K1T59Y8pC/UhV6ipR+46b:sKzn8sOqkFV1B+JB6F59bpP3xR+pb
-
Quasar payload
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-