General
Target: 05159daa9939d1b218bcd18d07055665
Size: 13.0MB
Sample: 231229-1x66msacel
MD5: 05159daa9939d1b218bcd18d07055665
SHA1: ff502ce30b8137501711c8b7efe9244cff090cd8
SHA256: a1b00fd448ba5ec440a0bbd9b477288807dbf759b15c6f781a87226b79083f2d
SHA512: b8df847c873cde712b7d524b2fe13d61bb35522b6cf47fadf477b1742998cca6b8ef22ed2818b6aa71517772ad3bab31c74ca32680536c655dc289cea2e4fdc7
SSDEEP: 24576:CVDWxGj2lcr3QYRnnLru9Gw1GbGCnAYgaBXA4sEM25/MXfBaeBs0w3Ak5uFUZwnH:
Static task: static1
Behavioral task: behavioral1
  Sample: 05159daa9939d1b218bcd18d07055665.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 05159daa9939d1b218bcd18d07055665.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: quasar
2.7.0.0
Venom Client
127.0.0.1:4782
l3btHxEeSzq4eOd1Xn
encryption_key: QLpk8Rk5kZNzYEIHJl2g
install_name: Venom.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Venom Client Startup
Targets
Target: 05159daa9939d1b218bcd18d07055665
Score: 10/10
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext