General
Target: cc78525e4f1327b1bfcd18c62443792a
Size: 1.5MB
Sample: 240315-2w2p7sdc2w
MD5: cc78525e4f1327b1bfcd18c62443792a
SHA1: e2d7cbb7c96e72ce96459e149ce2c7a0c9397493
SHA256: d48f4ded8fe684aaf8b898d917ed959bbd905e098ff7a2f1f9864dfff2dd293d
SHA512: cdaacf2d14e86b58e3dee8c9fbca4edb8a1f7128674e51d2f2054459e9c9e36f9084df66a6d5dde76236df7ede44cbf6b86ac91ba9d3f6f7f3db8e6d356fdfa9
SSDEEP: 24576:ceCV6JkaSF6VHYSkZH5MFgkU7eCV6JkaSF6VHYSkZH5MFgkU:XZgSrIqZgSrI
Static task: static1
Behavioral task: behavioral1
  Sample: cc78525e4f1327b1bfcd18c62443792a.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: cc78525e4f1327b1bfcd18c62443792a.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
quasar
1.3.0.0
ydsysyweyewq
192.168.1.2:2137
127.0.0.1:2137
gsdah8s7dh89sda7h9sd7y9wdyqwe7yq
encryption_key: 7kpbmCm7lhBEd7b5TRfT
install_name: Client.exe
log_directory: LoggedAsF
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: cc78525e4f1327b1bfcd18c62443792a
Size: 1.5MB
MD5: cc78525e4f1327b1bfcd18c62443792a
SHA1: e2d7cbb7c96e72ce96459e149ce2c7a0c9397493
SHA256: d48f4ded8fe684aaf8b898d917ed959bbd905e098ff7a2f1f9864dfff2dd293d
SHA512: cdaacf2d14e86b58e3dee8c9fbca4edb8a1f7128674e51d2f2054459e9c9e36f9084df66a6d5dde76236df7ede44cbf6b86ac91ba9d3f6f7f3db8e6d356fdfa9
SSDEEP: 24576:ceCV6JkaSF6VHYSkZH5MFgkU7eCV6JkaSF6VHYSkZH5MFgkU:XZgSrIqZgSrI
Score: 10/10
Quasar payload
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext