General
- Target: sender_Leaked.bin
- Size: 10.4MB
- Sample: 231125-s9wlnsbc69
- MD5: ec24824b426d96f1137c664f23309a97
- SHA1: 0eb8f4d89dc4ac3824d0ce3a4d872c2ab0d52b38
- SHA256: bd129bf2a26437a068b7486b46ca77d6f45786ac9f400c94678c0fdd15759a42
- SHA512: 14a2701c7551232da3c1d5d9cb18cf76f6aed52e046b6fd5aed9fd65bfa9058090a95331265f550d677b1c9947194f4b2e035ee2a8c9d7faa7d4b109e6c15738
- SSDEEP: 196608:XHdqeGkP/DnwZsupqDA1jV19v7+dPB68K1T59Y8pC/Uhh6ipc+46h:NFrn8sOqkFV1B+JB6F59bpP7xc+ph
Static task: static1
Behavioral task: behavioral1
Sample: sender_Leaked.exe
Resource: win7-20231025-en
Malware Config
Extracted: quasar
1.4.0.0
Office04
185.238.3.205:6669
FZ9tFtIMY3x5Jj5ovh
- encryption_key: 1HbcTxYxyoztsN63DXRU
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir
Targets
- Target: sender_Leaked.bin
- Quasar payload
- Blocklisted process makes network request
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext