General
Target: qsr.exe
Size: 3.1MB
Sample: 240312-e5g1tsge4x
MD5: ac7b7f68066cbc718aa2a67f10de5efb
SHA1: 4707a795092858e307d628e51504e06543f9e43b
SHA256: 0ff20c4d06d7f5d2a258515572f7fc1c9e25580b44e4e6469444bd0adffa142a
SHA512: 0016adeffb28c687a11588aa3b002080b0ff9e7f575df358f4ef1a162de1845f14190de5cd948c829b86762c3d81a7802ed1f02af3646313e832cea82ed85884
SSDEEP: 49152:CvfI22SsaNYfdPBldt698dBcjH2CD1JuLoGdNTHHB72eh2NT:Cvw22SsaNYfdPBldt6+dBcjH2C0
Behavioral task
behavioral1
Sample: qsr.exe
Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
faggot04
192.168.1.1:4782
35d8d0ac-1d82-4d57-b8b2-283b0f5da10a
encryption_key: 31FA6EEF03F17469692032E8114E0AE50F34D046
install_name: Client.exe
log_directory: Program Files (x64)
reconnect_delay: 3000
startup_key: Update
subdirectory: SubDir
Targets
Target: qsr.exe
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory