General
- Target: Client-built.exe
- Size: 3.1MB
- Sample: 240411-1qw24ahe6s
- MD5: 3fdc51227758ce53069116625341569d
- SHA1: ee099a8afcab18d69cf2c3c2f5193ab5af33fa78
- SHA256: 356fcec1d7e8ef7c51fa311d1e3013915aca1a44a586cf872abd5bcb927f6319
- SHA512: 807b4a0f993672d07c580572fdf8dfeb4c443545449aa27c1e595850f2dda73ea7265844f6f9e53baa0a50b723160cfdaa244ef8464ebf032b8cbf28ac1a33ba
- SSDEEP: 49152:HvnI22SsaNYfdPBldt698dBcjHWDQ0Dmzt0oGd6HTHHB72eh2NT:HvI22SsaNYfdPBldt6+dBcjHcQ0J
Malware Config
Extracted
- quasar
- 1.4.1
- Office04
- us1.localto.net:44771
- abf2fea6-bc08-449e-9ce0-142ecb0a54c5
- encryption_key: 93B883D530A44E5A4457CCB3F463B613FCE53505
- install_name: Google.exe.exe
- log_directory: Log
- reconnect_delay: 3000
- startup_key: AntimaIware Core Service
- subdirectory: SubDir
Targets
- Target: Client-built.exe
- Size: 3.1MB
- Quasar payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE