General
Target: b71bf7eef397522a3ca415fd83c0c393e328eaf5c61edf622289cfc5c2b4f6dd
Size: 10.7MB
Sample: 240313-y2f4xahe56
MD5: 8634d93ae4d9e6a763b3fe9d140d820e
SHA1: 1c95c71759a567de680b1297c8246d9bfdd2b5eb
SHA256: b71bf7eef397522a3ca415fd83c0c393e328eaf5c61edf622289cfc5c2b4f6dd
SHA512: 7466e9aba04c00150b0c3fef0a4523b31b744f844eaef11b153d970324cd6c23be114d4a553bf95ba035cfef74fc2319e73f5fda433a7cc178b7cc223992b5f3
SSDEEP: 196608:LjFFiW2UScT5iw+iwlDXIIwQAlNTyCxI5lIBbNy4AGyqrkE8vdkTnldj0I2b:399iw+iwlTyRG5Kz1AG60HQLb
Static task: static1
Behavioral task: behavioral1
Sample: Loader/Loader.bat
Resource: win7-20240221-en
Malware Config
Extracted
quasar
reconnect_delay: 3000
Targets
Target: Loader/Loader.bat
Size: 15.5MB
MD5: 93541c36ee40795ccc189fb022516b54
SHA1: e5e6bdbd95f51cbfc6517ac23c82b78692070adf
SHA256: 003e0a11bab9bfd3ddf52b2accc22b49e63840f3c87d159ab40a643a2924d2bb
SHA512: 2f97eac0aadff823d43252eafaf424aa254765b929c27e7e4f98a842878ae19957cfa12b41d15a06b0101b2ed475e616b648428e8e8a1401f6ccbfc221e3eac2
SSDEEP: 49152:lCMYz+PxQXhhrdeSscl/8fV2zPUyZQQMjYyVAOXm2qSFSNDgrcg5RwoPP6zKu7zl:A
Quasar payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE