General
- Target: UzpnR6.exe
- Size: 1.2MB
- Sample: 240412-s2jl5sbf92
- MD5: 75c50dbf2c70ea6ca170513f77168f58
- SHA1: 512cc32329eaa9fcd4c6e507ef2a26823a06f1ac
- SHA256: ffcedb5228f316086a811d910fb0e423ef4d16878369b64808a44ccc8f23ae26
- SHA512: 63eb2eb4f531ba9a3f4ac857e3aabef5cea925a04dbaa7010c2418bcafd0948e77cce3426b8ffb30d860e5e17add310ea6189a23ab180b36147bec193254d457
- SSDEEP: 24576:7o/ynHkLXGxxGApcTVcIWcRf+r31bfd+v3A0IOhb:7atGxg+cZP32zJVkA0Isb

Static task
- static1

Malware Config
Extracted
- quasar
- 1.4.1
- Office04
- us1.localto.net:38905
- abf2fea6-bc08-449e-9ce0-142ecb0a54c5
- encryption_key: 93B883D530A44E5A4457CCB3F463B613FCE53505
- install_name: Google.exe.exe
- log_directory: Log
- reconnect_delay: 3000
- startup_key: AntimaIware Core Service
- subdirectory: SubDir

Targets
- Target: UzpnR6.exe
- Size: 1.2MB
- MD5: 75c50dbf2c70ea6ca170513f77168f58
- SHA1: 512cc32329eaa9fcd4c6e507ef2a26823a06f1ac
- SHA256: ffcedb5228f316086a811d910fb0e423ef4d16878369b64808a44ccc8f23ae26
- SHA512: 63eb2eb4f531ba9a3f4ac857e3aabef5cea925a04dbaa7010c2418bcafd0948e77cce3426b8ffb30d860e5e17add310ea6189a23ab180b36147bec193254d457
- SSDEEP: 24576:7o/ynHkLXGxxGApcTVcIWcRf+r31bfd+v3A0IOhb:7atGxg+cZP32zJVkA0Isb
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.