General
-
Target
15570cfcccc4a0a7aacd356fce6164fb
-
Size
941KB
-
Sample
231230-l47cnaebdj
-
MD5
15570cfcccc4a0a7aacd356fce6164fb
-
SHA1
f4a6a9a343c2ec88197e1b26d766d70f88e18a9f
-
SHA256
f176013ba4695eb876b9d3898e7b7649ac073ef0be38d84fbc43de02dd6964cf
-
SHA512
ae3390581d744e1d842d84635e11673e82210b571cb29b19248b921c8ad800d45e542c818215b3875a4e95bd2bbccc40b3fab0da7803f5b02591f501c84b71a3
-
SSDEEP
12288:yHySSbYbxLWIBZwDMwDNMY5x0yVbHTZWwTP:y3pAbF1
Static task
static1
Behavioral task
behavioral1
Sample
15570cfcccc4a0a7aacd356fce6164fb.exe
Resource
win7-20231215-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
127.0.0.1:3329
QSR_MUTEX_huCOPCLvtEYS3VA14U
-
encryption_key
0Cv4PXGxuFTZEJk00S46
-
install_name
update.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
java
Targets
-
-
Target
15570cfcccc4a0a7aacd356fce6164fb
-
Size
941KB
-
MD5
15570cfcccc4a0a7aacd356fce6164fb
-
SHA1
f4a6a9a343c2ec88197e1b26d766d70f88e18a9f
-
SHA256
f176013ba4695eb876b9d3898e7b7649ac073ef0be38d84fbc43de02dd6964cf
-
SHA512
ae3390581d744e1d842d84635e11673e82210b571cb29b19248b921c8ad800d45e542c818215b3875a4e95bd2bbccc40b3fab0da7803f5b02591f501c84b71a3
-
SSDEEP
12288:yHySSbYbxLWIBZwDMwDNMY5x0yVbHTZWwTP:y3pAbF1
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-