General
-
Target
c4ce370872ed6186d6a00aabb37e59936ea264bd5ee7e61bc366aa5fbbfc8cf4
-
Size
3.2MB
-
Sample
240313-dhxmbsbc71
-
MD5
5d04c84add433ddf601ff9de6862d9bf
-
SHA1
32e33e2ed46bff117148f21f038b98b462a8fca6
-
SHA256
c4ce370872ed6186d6a00aabb37e59936ea264bd5ee7e61bc366aa5fbbfc8cf4
-
SHA512
4fd86b27d75e06900b2b06c772fb3ba1236e39d4c99bf07b21c9fb5545dcd1554e7dc476faf7a5e4e94063d9cb9a8365286a4c553ebc1cddca39580b285be9a0
-
SSDEEP
49152:QvBt62XlaSFNWPjljiFa2RoUYIJIRJ6MbR3LoGd4CTHHB72eh2NT:Qvr62XlaSFNWPjljiFXRoUYIJIRJ6WI
Behavioral task
behavioral1
Sample
c4ce370872ed6186d6a00aabb37e59936ea264bd5ee7e61bc366aa5fbbfc8cf4.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
paras
myhost567098.ddns.net:4782
ed3740ef-5b56-4c1b-b8e8-4869a98d9df2
-
encryption_key
DF1B77D370240560AD7587D3FEFAC938EF88DB93
-
install_name
gta 6.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
gta update
-
subdirectory
game
Targets
-
-
Target
c4ce370872ed6186d6a00aabb37e59936ea264bd5ee7e61bc366aa5fbbfc8cf4
-
Size
3.2MB
-
MD5
5d04c84add433ddf601ff9de6862d9bf
-
SHA1
32e33e2ed46bff117148f21f038b98b462a8fca6
-
SHA256
c4ce370872ed6186d6a00aabb37e59936ea264bd5ee7e61bc366aa5fbbfc8cf4
-
SHA512
4fd86b27d75e06900b2b06c772fb3ba1236e39d4c99bf07b21c9fb5545dcd1554e7dc476faf7a5e4e94063d9cb9a8365286a4c553ebc1cddca39580b285be9a0
-
SSDEEP
49152:QvBt62XlaSFNWPjljiFa2RoUYIJIRJ6MbR3LoGd4CTHHB72eh2NT:Qvr62XlaSFNWPjljiFXRoUYIJIRJ6WI
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-