General

Target: bcf82013e39cef4310eb312625ab8598
Size: 157KB
Sample: 240309-2elbwscf49
MD5: bcf82013e39cef4310eb312625ab8598
SHA1: 96f423ba66892855a6d67e96a23bdba885f63944
SHA256: 088023dee5807788786ad2707fa34ae3422654ecb0cb9efbc1eb268cec958ff0
SHA512: 1cddb94d23d6387dcb0650a74ae2028e6a9744788ce7fe5f4bb98afa41c9670e7097fe1be9b323b2c061742a2c026ea710ff294a3b169085fecdb417beb95ac3
SSDEEP: 3072:GfckI9Z12hDq4SWe06jQ75GKqEcjk0XkhFBx4:K0Z12jjM400Tw
Behavioral task: behavioral1
Sample: bcf82013e39cef4310eb312625ab8598.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: bcf82013e39cef4310eb312625ab8598.exe
Resource: win10v2004-20240226-en
Malware Config (extracted)

Family: quasar
Version: 1.4.0.0
Games
C2: services18.dns.army:7000
C2: ss1999.64-b.it:7000
5EwVZpKkbJ5fq0j9og
encryption_key: O6mxl5VNcg9uGSOey4nY
install_name: Instalation Rep.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Firefox Update
subdirectory: Instalation
Targets

Target: bcf82013e39cef4310eb312625ab8598
Size: 157KB
Score: 10/10

Signatures:
Quasar payload
Checks computer location settings: looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.