General
Target: 10bb8284965045b7c9bc442e5ce1f184
Size: 691KB
Sample: 231230-gw7k8sadcm
MD5: 10bb8284965045b7c9bc442e5ce1f184
SHA1: 0ca24ca1e8d2f4a9fecaea0134233781cb57e125
SHA256: b19c884ff608ddcd01a1961791de3c8a4a058f7c17f23abec5a1aeb0ee2f44ff
SHA512: 9802721432375befb67b83122eb0d1260db698c2a74c7d0aff15ed3da5f433aff2d3fafa66369b997586a7b79740108fb923eaf9caee7032ff98a165aaebc87a
SSDEEP: 12288:N8F2v5RYZjGagUjAtN8yt00khHaK/0CrMixd/+RGzXsMB9h7ukziWy9EUKFTZdX1:N8iTYZjGM8D8GKMCrMi3JzXsW9ESiWyS
Static task: static1
Behavioral task: behavioral1
Sample: 10bb8284965045b7c9bc442e5ce1f184.exe
Resource: win7-20231129-en
Malware Config
Extracted: quasar
1.4.0.0
Office04
127.0.0.1:443
FBdXANGH0BYFlg9CNn
encryption_key: A6NhGxikgt5GpTQYuW3i
install_name: Microsoft Offline.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Microsoft Offline
subdirectory: SubDir
Extracted: quasar
reconnect_delay: 3000
Targets
Target: 10bb8284965045b7c9bc442e5ce1f184
Size: 691KB
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext