General
-
Target
bf003c2d1dbdbf67bfdef720d2411224a2a44cdd09eb7f3118883d33c1878431
-
Size
3.1MB
-
Sample
240308-vg1q2ada6y
-
MD5
5075bc76b66217bd9d2c322cea8026f0
-
SHA1
a48ba9a4cf2ccca076c906d3491c98861c7d27bd
-
SHA256
bf003c2d1dbdbf67bfdef720d2411224a2a44cdd09eb7f3118883d33c1878431
-
SHA512
14169452f8e612d3473e2da17624db1add06b48fdf3d958961d51e9edc786a8286fb210d60bc57b79dc18ee6c778e595874be77b7efe04ac839eb54c9bc3a73c
-
SSDEEP
49152:Gvkt62XlaSFNWPjljiFa2RoUYIspWIBBarGLoGdGTHHB72eh2NT:Gv462XlaSFNWPjljiFXRoUYIWWIBJ
Behavioral task
behavioral1
Sample
bf003c2d1dbdbf67bfdef720d2411224a2a44cdd09eb7f3118883d33c1878431.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
build1
testnetwork123.ddns.net:4782
b4867e2a-84d0-48aa-a9d7-3bec9fee8df9
-
encryption_key
EFAB993C2F127EF7DC90902AD3F43CBA897B6832
-
install_name
WinVs.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WindowsVS
-
subdirectory
SubDir
Targets
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-