General
-
Target
fbc526c8f283b181391aa13ca98e82a99859aeef3f0fb7ef7a0ed155392663b4.exe
-
Size
348KB
-
Sample
240406-b851aahd94
-
MD5
9d7f799067e3a1bf3596c7b693e912a3
-
SHA1
f461a01547e439e83ae02a4ca8da6a7c2efa753a
-
SHA256
fbc526c8f283b181391aa13ca98e82a99859aeef3f0fb7ef7a0ed155392663b4
-
SHA512
89d4d7463b2c459decebbc5d217af49c24080442b999b968c23b85861cf22e0cc241085bd685ee4e0dfe58405099ed0feae76ec771390faa8b8ef7cad19abb0f
-
SSDEEP
6144:77qQ4i1FFiEKLJ5aMEb2lEyg77CukNnEwTWhFF+:npliN5jC77Cu3wTM+
Behavioral task
behavioral1
Sample
fbc526c8f283b181391aa13ca98e82a99859aeef3f0fb7ef7a0ed155392663b4.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
promesasalvaro1.duckdns.org:4782
QSR_MUTEX_l1M93VuqIyiH8hEQ4I
-
encryption_key
2g2JgGNmrJPJ7nSHkWmk
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
fbc526c8f283b181391aa13ca98e82a99859aeef3f0fb7ef7a0ed155392663b4.exe
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects executables containing common artifacts observed in infostealers
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-