General
Target: 09a8420f132e0ecc5725d7055d4201dc
Size: 16.8MB
Sample: 231230-bj4e6aaec9
MD5: 09a8420f132e0ecc5725d7055d4201dc
SHA1: 4d86e14b074504cddd76da50f2a3425067d484c3
SHA256: f546c80fed56869c11e41e892fcf4485e1704ccfb084e115d5377e453637fa6d
SHA512: 3710add228ef718490e3eadbe9c6d82e8cbadcb86d97a6f474243e7d5fd9ea13fdd87e38defd271ead37d0e1e362dfd358319f376969548530e82c40fcea0582
SSDEEP: 393216:PaYS7OwgupiwzH84x2RybUbEp/IkqPJiQIDTrwN:Pa/ivOzHSobUbE1IkqPJMDvc
Static task: static1

Behavioral task: behavioral1
Sample: 09a8420f132e0ecc5725d7055d4201dc.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 09a8420f132e0ecc5725d7055d4201dc.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted:
quasar
2.1.0.0
Office04
smtp.yassine-bolard.nl:72
82.65.150.176:72
VNM_MUTEX_c2q7y2ayYutZ2XaYe7
encryption_key: V8QkE5vrgV4DVybE2MTP
install_name: $77Discord.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Discord
subdirectory: Discord
Targets
Target: 09a8420f132e0ecc5725d7055d4201dc
Size: 16.8MB
MD5: 09a8420f132e0ecc5725d7055d4201dc
SHA1: 4d86e14b074504cddd76da50f2a3425067d484c3
SHA256: f546c80fed56869c11e41e892fcf4485e1704ccfb084e115d5377e453637fa6d
SHA512: 3710add228ef718490e3eadbe9c6d82e8cbadcb86d97a6f474243e7d5fd9ea13fdd87e38defd271ead37d0e1e362dfd358319f376969548530e82c40fcea0582
SSDEEP: 393216:PaYS7OwgupiwzH84x2RybUbEp/IkqPJiQIDTrwN:Pa/ivOzHSobUbE1IkqPJMDvc

Signatures:
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first sight, etc.
- Quasar payload
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.