General
-
Target
Client-built.exe
-
Size
348KB
-
Sample
240406-ptvsnaad51
-
MD5
694ee94d98d54cfb7ddd5d1c0207dd2f
-
SHA1
d5138104c7f554f6e648a7eb362d4f82d34455a2
-
SHA256
acb0b53993620d79ccae8de1aaf2971cbaf19552faeda64b3104650ea97b5bed
-
SHA512
760c58a49f76cb5179dd1337b0b81a2c162aa556a1c319727b73954e484f0e3068783b41a4f6177183d341a8f1a5c004674e2b981ccf32323c2713165824eced
-
SSDEEP
6144:jMNHXf500MqnKQ9DJJsubdbXodnpIYC/GixS:gd50BQ9VzidnpI9/GixS
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Client-built.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
Lunasplanet-29399.portmap.host:29399
QSR_MUTEX_3gXoc7Rbb6gDK9k7Ha
-
encryption_key
Lb4wtsgHvft0Vi65JBbW
-
install_name
SubClient.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
SubClient.exe
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Size
348KB
-
MD5
694ee94d98d54cfb7ddd5d1c0207dd2f
-
SHA1
d5138104c7f554f6e648a7eb362d4f82d34455a2
-
SHA256
acb0b53993620d79ccae8de1aaf2971cbaf19552faeda64b3104650ea97b5bed
-
SHA512
760c58a49f76cb5179dd1337b0b81a2c162aa556a1c319727b73954e484f0e3068783b41a4f6177183d341a8f1a5c004674e2b981ccf32323c2713165824eced
-
SSDEEP
6144:jMNHXf500MqnKQ9DJJsubdbXodnpIYC/GixS:gd50BQ9VzidnpI9/GixS
-
Quasar payload
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-