General
Target: Client-built1.exe
Size: 3.1MB
Sample: 240406-zjq2tsbd22
MD5: aec40a6d5ac500161b144855635b210a
SHA1: 50784bcc66d785fec2031dc8537f92bde9104ea8
SHA256: 019164c82a0309c702458c78a20ba702bf78cb62135fab35ce1711f71d191cce
SHA512: 229d35a2a252a7023e70b88d42f84c9be9bd72e4a4c9de96e21cb2b84859147ded6834694aeee13d61172ce4a626f05947ffefa11ec4e3e22d430a73578b26a6
SSDEEP: 49152:Kv2I22SsaNYfdPBldt698dBcjHLjxNESEHk/iTLoGdNQTHHB72eh2NT:Kvb22SsaNYfdPBldt6+dBcjH3xCf
Behavioral task
behavioral1
Sample: Client-built1.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
quasar
1.4.1
Office04
wasted9sss1-26365.portmap.io:4782
ecd9c01a-82c1-4251-8d76-1e2891bf0dd3
encryption_key: 517C077DB1E3D3485387F0B31BBF986E71312477
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: system32
subdirectory: SubDir
Targets
-
-
Target
Client-built1.exe
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-