General
Target: c1abb01a144a1e855ff3e360b2a8329c.bin
Size: 4.7MB
Sample: 240313-c8jbyscg95
MD5: c1abb01a144a1e855ff3e360b2a8329c
SHA1: 9e40626658bbd8785cbf9eb579c5db9ebe2082db
SHA256: cac4298cdde53f6551ed09e3653487db2c035f99170595fc34ee356a86c72b93
SHA512: 8b2d57fbe4b4a81a23bf9827941e5fb230edd17aa11441b73aa66e1522e321196ae32076f3516cc14a786f86fa949ae44fb6cce39c5d20d659afd04967b50475
SSDEEP: 98304:q8rJU7P47CtYVc7uc5mBexrzU1ZBZ7X7luqQAFDiX2hP1Z+ulQZ+76:qXoc7u4mBo4ZLXhuPAFDimhP1xe
Static task: static1
Behavioral task: behavioral1
Sample: c1abb01a144a1e855ff3e360b2a8329c.exe
Resource: win7-20240215-en
Malware Config
Extracted: quasar
Version: 1.3.0.0
Botnet: chrome
C2: 12432412412.hopto.org:4782
Mutex: QSR_MUTEX_6sfaGxuBDh3A5EdTFe
encryption_key: QPRe1YR5RuCsiP1u8cYv
install_name: chrome.exe
log_directory: Logs1
reconnect_delay: 3000
startup_key: Startup
subdirectory: sys
Extracted: quasar
reconnect_delay: 3000
Targets
Target: c1abb01a144a1e855ff3e360b2a8329c.bin
Size: 4.7MB
- Quasar payload
- XMRig Miner payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)