General
Target: Client.exe
Size: 1.2MB
Sample: 240201-plwd8adcc4
MD5: e0578185ba00836f1971e48cf4da4580
SHA1: 42a4e35d4aab1d8cca6459a808573927cb4e18c7
SHA256: 6e7f1b5bd5b7696ef942013c9d8151420dd29849514be091b43b1fcb9a193d73
SHA512: 399ed216148ec9ec1c7aef1af0298abd3ffbeba73105ea398dc294370d25c57909e59563083a79a511732c0b8381ad19c551c0f3c1eb9b104b5c3e229c9c6775
SSDEEP: 24576:WBY9DN/ISlbnyr+rCy/++9vFgWZiA+8qIElcP25WwjorMjTXqxjfxl:WgDfmrEdS1iEmrGgd
Tasks
Static task: static1
Behavioral task: behavioral1 (sample Client.exe, resource win7-20231215-en)
Malware Config
Extracted family: quasar
Version: 1.3.0.0
Botnet (tag): nulled
C2: 147.50.240.233:8008
Mutex: QSR_MUTEX_vjlanSKDAVykDAvDJ6
encryption_key: d4qN0cIZpTNNR0XsDxxy
install_name: thick.exe
log_directory: Logs
reconnect_delay: 3000 (milliseconds between reconnect attempts to the C2)
startup_key: updates (value name used for the Run-key persistence entry)
subdirectory: SubDir (directory the client copies itself into, as install_name)
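As an added example, not part of the sandbox report or of the Quasar project, the script below turns the extracted config into the host and network artifacts a responder would hunt for: the install path, the Run-key value, the mutex, the log directory, the reconnect interval, and matches of the C2 endpoint in a firewall log. The %APPDATA% install base, the HKCU Run key and the ';'-separated host list are assumptions about how the client was built, since the extracted fields do not state them; the firewall log lines are constructed for the demonstration.

```python
"""Derive hunt artifacts from an extracted Quasar client configuration.

Added example: config values are copied from the report; the firewall log
lines below are constructed, and the install base / Run hive are assumptions.
"""
from dataclasses import dataclass
import ipaddress
import ntpath

# Extracted config for sample 240201-plwd8adcc4 (copied from the report).
QUASAR_CONFIG = {
    "version": "1.3.0.0",
    "hosts": "147.50.240.233:8008",
    "mutex": "QSR_MUTEX_vjlanSKDAVykDAvDJ6",
    "install_name": "thick.exe",
    "subdirectory": "SubDir",
    "startup_key": "updates",
    "log_directory": "Logs",
    "reconnect_delay": "3000",  # milliseconds
}


@dataclass(frozen=True)
class C2:
    host: str
    port: int


def parse_hosts(hosts: str) -> list[C2]:
    """Split the host list into (host, port) pairs.

    Assumption: the Quasar builder joins several C2 entries with ';', so a
    single entry and a list are handled identically. Bad ports are rejected.
    """
    result = []
    for entry in hosts.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"no port in {entry!r}")
        port_n = int(port)
        if not 0 < port_n < 65536:
            raise ValueError(f"port out of range in {entry!r}")
        try:
            host = str(ipaddress.ip_address(host))  # normalise IP literals
        except ValueError:
            pass  # hostnames pass through unchanged
        result.append(C2(host, port_n))
    return result


def host_artifacts(cfg: dict, base_dir: str = r"%APPDATA%") -> dict[str, str]:
    """Map config fields to the artifacts the client leaves on the host.

    base_dir is an assumption: the operator picks the special folder at build
    time and that choice is not among the extracted fields. The Run key is
    HKCU for an unprivileged install; an elevated install uses the same value
    name under HKLM.
    """
    install_dir = ntpath.join(base_dir, cfg["subdirectory"])
    return {
        "install_path": ntpath.join(install_dir, cfg["install_name"]),
        "run_key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
        "run_value": cfg["startup_key"],
        "mutex": cfg["mutex"],
        "log_dir": ntpath.join(r"%APPDATA%", cfg["log_directory"]),
    }


def reconnect_seconds(cfg: dict) -> float:
    """Reconnect delay in seconds; the expected gap between retry connections."""
    return int(cfg["reconnect_delay"]) / 1000


# Constructed firewall log: timestamp followed by key=value fields.
FIREWALL_LOG = """\
2024-02-01T10:02:11Z src=10.0.0.17 dst=147.50.240.233 dport=8008 proto=tcp action=allow
2024-02-01T10:02:12Z src=10.0.0.17 dst=198.51.100.7 dport=443 proto=tcp action=allow
2024-02-01T10:02:14Z src=10.0.0.17 dst=147.50.240.233 dport=8008 proto=tcp action=allow
"""


def c2_hits(log: str, c2s: list[C2]) -> list[str]:
    """Return log lines whose destination matches a configured C2 endpoint."""
    wanted = {(c.host, c.port) for c in c2s}
    hits = []
    for line in log.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        fields = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        try:
            key = (fields.get("dst"), int(fields.get("dport", "0")))
        except ValueError:
            continue  # malformed port field; skip the line
        if key in wanted:
            hits.append(line)
    return hits


if __name__ == "__main__":
    c2s = parse_hosts(QUASAR_CONFIG["hosts"])
    for name, value in host_artifacts(QUASAR_CONFIG).items():
        print(f"{name:14} {value}")
    print(f"reconnect      {reconnect_seconds(QUASAR_CONFIG)} s")
    for line in c2_hits(FIREWALL_LOG, c2s):
        print("C2 hit:", line)
```

The host list parser also accepts hostnames and multi-entry lists, so the same function works for builds that use a domain or several fallback servers. Two hits on the same destination a few seconds apart, combined with the 3 second reconnect delay, is the pattern to look for when the C2 is down and the client keeps retrying.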
Targets
Target: Client.exe
Size: 1.2MB
MD5: e0578185ba00836f1971e48cf4da4580
SHA1: 42a4e35d4aab1d8cca6459a808573927cb4e18c7
SHA256: 6e7f1b5bd5b7696ef942013c9d8151420dd29849514be091b43b1fcb9a193d73
SHA512: 399ed216148ec9ec1c7aef1af0298abd3ffbeba73105ea398dc294370d25c57909e59563083a79a511732c0b8381ad19c551c0f3c1eb9b104b5c3e229c9c6775
SSDEEP: 24576:WBY9DN/ISlbnyr+rCy/++9vFgWZiA+8qIElcP25WwjorMjTXqxjfxl:WgDfmrEdS1iEmrGgd
Signatures
Quasar payload: the binary carries a Quasar RAT client, consistent with the extracted config above.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The request to that public service is a lead, not the C2 itself; the C2 is the host and port in the extracted config.
Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from reporting debug events to an attached debugger. This is a common anti-debugging measure with no purpose in ordinary applications; when analysing the sample under a debugger, hook or patch this call before the client's main thread starts.