Resubmissions
06-04-2024 19:54
240406-ymvzhshd8w 10General
Target: Client-built.exe
Size: 3.1MB
Sample: 240406-ymvzhshd8w
MD5: 13939d00b040ea20c7d18f289fc45fbc
SHA1: f28f0847bffc18c66d73123117980917000098ad
SHA256: 00f7e412a5245b8756c569793e2254831848b2507f0a80feec9b37377a79630e
SHA512: 80ed3ad3e2ce9650219af10801e110d0c10b2a11b624efc4638d29e63cfea1e06735cd5f0226995a908985e1b494a372593acdb854072009277c5a6b730f0100
SSDEEP: 49152:Cvve821/aQWl8P0lSk3aKA3Z+nkjOEEfs8k/HYqoGdKHTHHB72eh2NT:Cvm821/aQWl8P0lSk3DA3Z+nkjO2p6
Behavioral task: behavioral1
Sample: Client-built.exe
Resource: win7-20240215-en
Malware Config
Extracted
quasar
1.4.1
Office04
Enslotheya-26488.portmap.io:26488
Enslotheya-26488.portmap.io:4782
62898bf2-d740-4fac-9262-e5bd50e7c227
encryption_key: 796C698C50C0E8D256FFF2870E20F871851BAB42
install_name: SubDir.exe
log_directory: Logs
reconnect_delay: 1000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: Client-built.exe
Quasar payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Drops file in System32 directory