General
Target: Client-built.exe
Size: 3.1MB
Sample: 240406-1hta8scd94
MD5: 3b48c30ba23cb29292137d95f1712461
SHA1: af660f0cbb50a5af4dcfc1f00821737bf90dc095
SHA256: 5f1ded6b39eecb4e4575ce1150a7d665a5c2a2df6a98ff331d586c13cdb1340e
SHA512: b054f3a1f9118cca872560e28fc4cf9de10b9edc0c27a529fc07b835c82d0c5e53fad2e589950dcc1982c22f97ff85060c3bd258a00234cbf6620f0c73cdf1a7
SSDEEP: 49152:tvaET2mbaBm3/PxlL/uJIXpQ1H4CC1JbLoGdSu50THHB72eh2NT:tvDT2mbaBm3/PxlL/u+XpQ1H4Ce
Behavioral task: behavioral1
Sample: Client-built.exe
Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
Enslotheya-26488.portmap.io:26488
Enslotheya-26488.portmap.io:4782
Enslotheya-26934.portmap.io:4782
Enslotheya-26934.portmap.io:26934
That1funnykid-39791.portmap.io:4782:4782
That1funnykid-39791.portmap.io:4782
ec2ccd18-ac18-48f3-9617-54036c5add5d
encryption_key: 796C698C50C0E8D256FFF2870E20F871851BAB42
install_name: SubDir.exe
log_directory: Logs
reconnect_delay: 1000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: Client-built.exe
Size: 3.1MB
MD5: 3b48c30ba23cb29292137d95f1712461
SHA1: af660f0cbb50a5af4dcfc1f00821737bf90dc095
SHA256: 5f1ded6b39eecb4e4575ce1150a7d665a5c2a2df6a98ff331d586c13cdb1340e
SHA512: b054f3a1f9118cca872560e28fc4cf9de10b9edc0c27a529fc07b835c82d0c5e53fad2e589950dcc1982c22f97ff85060c3bd258a00234cbf6620f0c73cdf1a7
SSDEEP: 49152:tvaET2mbaBm3/PxlL/uJIXpQ1H4CC1JbLoGdSu50THHB72eh2NT:tvDT2mbaBm3/PxlL/u+XpQ1H4Ce
Quasar payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE