General
Target: 6ce9c0ea355a3baed90c8ac4807f89069789ff03e105838002dd3ee7ce1b5830
Size: 633KB
Sample: 240329-zz7draae62
MD5: a2f6df739bd33b7e2332165f6d2eebf7
SHA1: 02287abc852e0a4096c08e3f4fcba65c0ac9d60b
SHA256: 6ce9c0ea355a3baed90c8ac4807f89069789ff03e105838002dd3ee7ce1b5830
SHA512: 9f054415120cdaf09c3c04882995514c4744a4749254d2aef83861f8e9c934a9fa538fe36d2b7df784254c74536b252756d92f16c2ff9becc6251cf93f583b82
SSDEEP: 12288:xQCk0Xoe9l9EZ9ToO/njsYIiu5I+NaQjludJLD:xQCkbI9Ebo2IieIOamluXD
Static task: static1
Behavioral task: behavioral1
Sample: 6ce9c0ea355a3baed90c8ac4807f89069789ff03e105838002dd3ee7ce1b5830.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: quasar
Version: 1.4.1
50 installs
C2: 217.63.234.90:4444
C2: 217.63.234.90:1313
C2: 127.0.0.1:1313
Mutex: ef23a66e-d8e1-48c7-a533-50e2b78bea4a
encryption_key: 6B0D9CDFBF22251A89F554E059B7463C8CDE0F0C
install_name: svchost.exe
log_directory: Logs50spread
reconnect_delay: 3000
startup_key: svchost.exe
subdirectory: SubDir
Targets
Target: 6ce9c0ea355a3baed90c8ac4807f89069789ff03e105838002dd3ee7ce1b5830
Detect ZGRat V1
Quasar payload
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of SetThreadContext