General
Static task: static1
URLScan task: urlscan1
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: test
C2: 192.168.0.154:4782:4782
Mutex: 8b0b296a-2bd1-4c60-add6-cc5c5a801d0b
Attributes
- encryption_key: 328DC833931AA8688C087F214529DFB3D22905BF
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: windows
- subdirectory: SubDir
Targets
- Quasar payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory