General
Target: 71e4d35156e913340d32d565806004c2297bfbc05b747874279830e34056dbce.exe
Size: 3.1MB
Sample: 240401-bjzf7shf68
MD5: 479ebaee10717b48969ebfc7d10ffef2
SHA1: 3061bd9bc43d9d580af7d590a3ea8a134488a70c
SHA256: 71e4d35156e913340d32d565806004c2297bfbc05b747874279830e34056dbce
SHA512: fe6a28e898d52a673a23cab72f231a5c9e4998528184fc422d33d3fe6c4ebd91ddb2ee881925c8f8b7e81391b85c9b5e8bcfbbcc0c9db38ccb1b7908efb92b93
SSDEEP: 49152:DvbI22SsaNYfdPBldt698dBcjHdGRJ6VbR3LoGd3THHB72eh2NTA:Dvk22SsaNYfdPBldt6+dBcjHdGRJ6n3
Behavioral task: behavioral1
Sample: 71e4d35156e913340d32d565806004c2297bfbc05b747874279830e34056dbce.exe
Resource: win7-20240319-en
Malware Config
Extracted
quasar
1.4.1
Office04
185.196.10.233:4782
a244256d-314d-4857-83fe-790ac24d7897
encryption_key: 0EC03133971030F6D05E6D59F71626F6543BBE65
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
-
-
Target
71e4d35156e913340d32d565806004c2297bfbc05b747874279830e34056dbce.exe
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-