General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240407-hpa45afh73
-
MD5
c19cf890d159b62570fa8f277b318baf
-
SHA1
dfdd9df36921d298cbac731e5068b6b0d6565cca
-
SHA256
1ac1e01b78d2bec8d2a5fa5948989cd95adbc5aade80ceb88161d6afb4a3a1d8
-
SHA512
5243d3e708490a0c5454b69945b36031a96d817d6cb2fb7a6a098bb9ecfa73d712162a0b8fda7cc4538c9299283f18c4b749324ffb598878fe20d4be1a916417
-
SSDEEP
49152:uvst62XlaSFNWPjljiFa2RoUYIbzvNuvoGduQTHHB72eh2NT:uvQ62XlaSFNWPjljiFXRoUYIbzvNu
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
4F90-F31A:4782
755f883f-4d58-4349-bc9e-f21c4e163b6f
-
encryption_key
EE65D8F2E429F4900E3A17963595716D863A2455
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-