General
-
Target
acd6a1d56e317e7b5a69567f37eb669a7f7f34afcd37d6e42f14f52e970c6c4c
-
Size
1.3MB
-
Sample
240106-b7qtzaedck
-
MD5
9618ca6b1d92c21bc34e8eb244f2dc71
-
SHA1
77c0123220f2133e5d857d181bec20f1e34669c5
-
SHA256
acd6a1d56e317e7b5a69567f37eb669a7f7f34afcd37d6e42f14f52e970c6c4c
-
SHA512
c8da36836932cf396b8671cc4ce0433f1065c8036c47056046cb74311afabbc1c7426c5a89d72f31ba17b1a7f54e0d0aadedb175b6bb36515b6a83b218f3322d
-
SSDEEP
24576:yhvJVJdMf0653D7jilY6MkfT8BUIPZ1TD3XjfmWlI8lWlHrix:C3ds7jilYLUTIUI5Iy6Hm
Static task
static1
Behavioral task
behavioral1
Sample
acd6a1d56e317e7b5a69567f37eb669a7f7f34afcd37d6e42f14f52e970c6c4c.exe
Resource
win7-20231129-en
Malware Config
Extracted
quasar
1.4.1
Office04
10.0.0.245:4782
192.168.56.1:4782
99.247.192.130:4782
29fd0c6e-f22f-4381-839b-448094501b48
-
encryption_key
5C428187ECC1B4E662FECE9D197F4BA9623ED285
-
install_name
System.exe
-
log_directory
System Logs
-
reconnect_delay
2000
-
startup_key
System
-
subdirectory
SubDir
Targets
-
-
Target
acd6a1d56e317e7b5a69567f37eb669a7f7f34afcd37d6e42f14f52e970c6c4c
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-