General
-
Target
setup (1).bat
-
Size
14KB
-
Sample
240317-cg6m6sbh52
-
MD5
2c0ee080298d0de1320e6e7eda4ca39b
-
SHA1
edd03f96d4f4277a24e541376fdddf43439b4a99
-
SHA256
7e81cadeef133c8230dbe26f95a66d3b47cead73ba1e37170ac95869abe17f8e
-
SHA512
ffdfd43eb46107be849d3e1938d1db0be87d27700799a9f31527b512abaca615241c6ee2d6358061d5ea133233aa0edda9908091419c024977b25365064d9e64
-
SSDEEP
192:HbKSAmk7b/FQASmmZrQCgljChA4DW0JyquFnpUoH:H28k7b/hkQCgljwAEbyvFpL
Static task
static1
Behavioral task
behavioral1
Sample
setup (1).bat
Resource
win7-20240221-en
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Targets
-
-
Target
setup (1).bat
-
Size
14KB
-
MD5
2c0ee080298d0de1320e6e7eda4ca39b
-
SHA1
edd03f96d4f4277a24e541376fdddf43439b4a99
-
SHA256
7e81cadeef133c8230dbe26f95a66d3b47cead73ba1e37170ac95869abe17f8e
-
SHA512
ffdfd43eb46107be849d3e1938d1db0be87d27700799a9f31527b512abaca615241c6ee2d6358061d5ea133233aa0edda9908091419c024977b25365064d9e64
-
SSDEEP
192:HbKSAmk7b/FQASmmZrQCgljChA4DW0JyquFnpUoH:H28k7b/hkQCgljwAEbyvFpL
-
Quasar payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-