General
-
Target
d151668cc8126a84f824dc66856e77f7
-
Size
2.6MB
-
Sample
231220-sfrevsdeg9
-
MD5
d151668cc8126a84f824dc66856e77f7
-
SHA1
4c2fda4ab4aded1275a0fde6c644a65cc5dec6d0
-
SHA256
251bcc9f598fcae75d9aa7eb0e9c265d55847ab56f47c066376cffe695045766
-
SHA512
0eb38a3f80da0f7c8be762253dc44a3429fa5535d2219664c6f80b025c51c127ffe6a9486418415384b86d2f037c0877d4180e3d981f46d730c1888344419474
-
SSDEEP
3072:vaYxWNzXZmlCBed9Lg6QjTfLCbCXTucxBZ:vLxszX7wijTff
Static task
static1
Behavioral task
behavioral1
Sample
d151668cc8126a84f824dc66856e77f7.exe
Resource
win7-20231215-en
Malware Config
Extracted
quasar
1.4.0
KURBAN
zheresss.duckdns.org:4782
7d4567a3-a2c5-4e67-a173-49a6c1ff9ba1
-
encryption_key
86FD1C543EB2555B79B5BA711E72F897DDD244DE
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
svchost
-
subdirectory
FxsTmps
Targets
-
-
Target
d151668cc8126a84f824dc66856e77f7
-
Size
2.6MB
-
MD5
d151668cc8126a84f824dc66856e77f7
-
SHA1
4c2fda4ab4aded1275a0fde6c644a65cc5dec6d0
-
SHA256
251bcc9f598fcae75d9aa7eb0e9c265d55847ab56f47c066376cffe695045766
-
SHA512
0eb38a3f80da0f7c8be762253dc44a3429fa5535d2219664c6f80b025c51c127ffe6a9486418415384b86d2f037c0877d4180e3d981f46d730c1888344419474
-
SSDEEP
3072:vaYxWNzXZmlCBed9Lg6QjTfLCbCXTucxBZ:vLxszX7wijTff
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-