General
Target: Client-built.exe
Size: 3.1MB
Sample: 240406-yk91nahd4v
MD5: 49a65e235d14a56d3043ddd95790e68d
SHA1: e3418e08e2c869b4970faa7f8ac166129a038770
SHA256: 753e958ea04ee6a765f09e2ca60f56cc2959bb45aea66a77ee6ba3326cb36720
SHA512: 7e8a30bd9dd0ab92ad673f540ec6cb4f841baf57b2593618c0106fc385cfd69405b46d7b757a440d18d5c0dcc6273cd8589b5c389a1d76899ea7ffe6d603794e
SSDEEP: 49152:Sv2I22SsaNYfdPBldt698dBcjH63eG0+DvJkwoGdhTHHB72eh2NT:Svb22SsaNYfdPBldt6+dBcjH/+v
Behavioral task
behavioral1
Sample: Client-built.exe
Resource: win10v2004-20240319-en
Malware Config
Extracted
quasar
1.4.1
Office04
wasted9sss1-56353.portmap.host:4782
f6d58747-a97c-4537-9d9d-312d4a425082
encryption_key: 517C077DB1E3D3485387F0B31BBF986E71312477
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: system32
subdirectory: SubDir
Targets
-
Quasar payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-