General
-
Target
xRmat80DlHcR.exe
-
Size
348KB
-
Sample
240409-vdlgyach39
-
MD5
32f3cadcabd40f0b821adba034ac8fb1
-
SHA1
75ec24a7b088756120b9c380c6a13d88dbab5bd6
-
SHA256
a681774e83e773eff9e6c4070a78b7fdb2839301ce1955cade51bd95af25abd3
-
SHA512
a59aae78bf7729881925fdea3f0c2370a26f3bc3ea665df3eca1278c3599d37369aaf1e5c3bc5dcf08acb02a80ba1e1f4883b855ce934908a95d1d3d4c448c40
-
SSDEEP
6144:TzNHXf500Mb31d61sQqboCixEkZeg5kEvfmG:Hd50vd0IixDp1vfmG
Behavioral task
behavioral1
Sample
xRmat80DlHcR.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
ppprosyl.con-ip.com:4001
QSR_MUTEX_l1M93VuqIyiH8hEQ4I
-
encryption_key
ucnCWAxHFqrqDWqAvywj
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
xRmat80DlHcR.exe
-
Size
348KB
-
MD5
32f3cadcabd40f0b821adba034ac8fb1
-
SHA1
75ec24a7b088756120b9c380c6a13d88dbab5bd6
-
SHA256
a681774e83e773eff9e6c4070a78b7fdb2839301ce1955cade51bd95af25abd3
-
SHA512
a59aae78bf7729881925fdea3f0c2370a26f3bc3ea665df3eca1278c3599d37369aaf1e5c3bc5dcf08acb02a80ba1e1f4883b855ce934908a95d1d3d4c448c40
-
SSDEEP
6144:TzNHXf500Mb31d61sQqboCixEkZeg5kEvfmG:Hd50vd0IixDp1vfmG
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-