General
-
Target
ModPack.bat
-
Size
1.6MB
-
Sample
240413-y7kdhsce9s
-
MD5
3ab2a7793b323765353fa8e597cec156
-
SHA1
c892cc5095ac6f37d0e94bbc09e11abe3d62027a
-
SHA256
a2c3928e33f47ec7dd1caf488af3aecd0e829031740dda298513ef24795bad54
-
SHA512
90c1a411b9b9cbcef33cc80c0f746ee67501e21998c8a85c7af868da450a8f7ab2a405562b3e9c9e26f77a4a75b9532d30816f20865dfdd29c555882ea72abcc
-
SSDEEP
24576:zVHGMbIfHrrVuAAJ1wVKTV9QzlkWMGyR7mgVvIhiMej1Ma:pHEvrroBVykjea
Static task
static1
Behavioral task
behavioral1
Sample
ModPack.bat
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
ModPack.bat
Resource
win10v2004-20240412-en
Malware Config
Extracted
quasar
1.4.1
Office04
notes-creation.gl.at.ply.gg:27030
6735a92b-88d2-4fbe-8e59-605a85072109
-
encryption_key
8681483EF512C654BECF205A0D74FFCA4B129A98
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Trapix Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
ModPack.bat
-
Quasar payload
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-