General
- Target: Cyberious.exe
- Size: 16.8MB
- Sample: 240404-lw9stace32
- MD5: 0cdf30cd1ca6564216a6cf1dc5d8315f
- SHA1: 5d5a7e25c942b2bc62d942282cdef7e082f799a9
- SHA256: 3e534ef30466b4bd109e8c23d3a91a2302164a983aa9131a5d3df7cbc8cd8730
- SHA512: 90f2205e5b5f1ac1236808415885bb05306340a224bd6510861cfa461741316c4dc2d4c5333b53d9d5fdd37c7ec4713fd7eb1c620455fc5966c5059b23a48b29
- SSDEEP: 393216:lAgi0xJWSU/CeMIHF3Jmeu21pNHR1l3kkn0TV1lwksmZ095:lzPv/eH/meL1pNHN3z2qks+c
Static task: static1
Behavioral task: behavioral1
- Sample: Cyberious.exe
- Resource: win10-20240221-en
Malware Config
Extracted
- Family: quasar
- Version: 1.4.1
- Botnet: Office04
- C2: 10.9.46.166:1333
- C2: 10.9.34.66:1333
- C2: NareReti-40382.portmap.host:40382
- Mutex: 1f3547a3-6112-47d5-9c48-4fb1bd3d6344
- encryption_key: CE886B4F24E457903274F7555F940215147255CD
- install_name: updater.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Google Chrome
- subdirectory: Chrome
Targets
- Target: Cyberious.exe (the same file described under General: size 16.8MB, identical MD5, SHA1, SHA256, SHA512 and SSDEEP values)
- Quasar payload
- Creates new service(s)
- Stops running service(s)
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext