General
-
Target
96aa210f39830b577164ab716a8290e8
-
Size
681KB
-
Sample
240212-jr3slagc31
-
MD5
96aa210f39830b577164ab716a8290e8
-
SHA1
04ca9ad6db2b782fb540f923fc07f2a330267ee2
-
SHA256
1a021a6913ffe897a99cab8101bb53e4e809c3d0aaeb4bcfeab5fa1c5d6baa33
-
SHA512
f0e61e0248123366ac99f608db00b3508448dca95f737a90c31f62c45ee04b93aa818a7e1ffc0a1bd00e8bb399f71ee5b0932c38b5c9f36fe40cf5bd74c0ab68
-
SSDEEP
12288:IzxzTDWikLSb4NS7t2X+t40XW9I8LeI2gozUoCGjHg6EDlWpvbHg17O5:+DWHSb4Nc03GDI2ZzmOAtYpvbs7g
Static task
static1
Behavioral task
behavioral1
Sample
96aa210f39830b577164ab716a8290e8.exe
Resource
win7-20231215-en
Malware Config
Extracted
quasar
1.4.0
Bot
10.240.1.51:5353
e747dbb5-149c-4223-a445-cd8edd6c5d0d
-
encryption_key
2FF224B5EA5C506629D2406BD20ADAA057823ADC
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
system32
-
subdirectory
SubDir
Targets
-
-
Target
96aa210f39830b577164ab716a8290e8
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-