General

Target:  bCs7LR
Size:    500B
Sample:  240416-br9bdadg56
MD5:     0d72715a82a23dd51eb8267066bc78ef
SHA1:    5148bffd8cf6cf8b01c67a464161668134cd24fd
SHA256:  2443089f92e80e43cdc9e4a5f113ed6687c9e4b44031325fd051613494457d65
SHA512:  29abbe7fc4696db3bd2a9dba88d27062d8ae318bd522fb6b4f39337ab8baf9349dcb21db4703825d6a96952e71c8070a20007f5066dfea30ea2f11068b2bd5b9
Tasks

Static task:      static1
Behavioral task:  behavioral1
Sample:           bCs7LR.html
Resource:         win11-20240412-en
Malware Config

Extracted
Family:        quasar
Version:       1.4.1
Botnet (tag):  Office04
C2:            6.tcp.ngrok.io:16799
Mutex:         0c20af10-1b0a-4d0e-bbca-3718ee39e827

Attributes
encryption_key:   284202D1B7ED732612BB54048953C4453A2549F9
install_name:     Client.exe
log_directory:    Logs
reconnect_delay:  3000 (ms)
startup_key:      System32
subdirectory:     SubDir

Notes on the extracted values: the submitted file is a 500-byte HTML document, so the Quasar configuration above comes from the executable dropped and run during the behavioral task, whose hashes are not part of this excerpt; the hashes in General identify only the HTML. The C2 is an ngrok TCP tunnel, so the operator's real host sits behind ngrok's relay and the hostname and port can change whenever the tunnel is recreated; treat the exact host:port as a short-lived indicator and the use of *.tcp.ngrok.io as the durable one. The Run value name (System32) and install path (SubDir\Client.exe) are chosen to look like ordinary Windows names; encryption_key is the builder-generated key Quasar uses to decrypt its embedded settings, not a key for the C2 traffic.
Targets

Target: bCs7LR (500B; hashes as listed under General)

Signatures
- Quasar payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2 (the ngrok tunnel used as C2)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
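The signatures above are what the sandbox saw; the following is an added example, not part of the original report, showing how a responder would turn the extracted configuration into host and network checks and run them over Sysmon-style events. The indicator values are taken from the config above; the event records, their field layout (Sysmon EventID 13 registry value set, EventID 3 network connection, EventID 1 process create) and the rule names are constructed for the example. The ngrok rule deliberately matches any *.ngrok.io destination at lower confidence, since the tunnel endpoint in this sample will not survive the tunnel being recreated.

```python
import json
import re

# Indicators taken from the extracted Quasar config on this page.
C2_HOST = "6.tcp.ngrok.io"
C2_PORT = 16799
STARTUP_KEY = "System32"      # value name written under ...\CurrentVersion\Run
INSTALL_NAME = "Client.exe"
SUBDIRECTORY = "SubDir"

# Run value named exactly like the startup_key (not RunOnce, not a prefix match).
RUN_VALUE_RE = re.compile(
    r"\\CurrentVersion\\Run\\" + re.escape(STARTUP_KEY) + r"$", re.IGNORECASE)
# Install location "<something>\SubDir\Client.exe" anywhere in a path or command line.
INSTALL_PATH_RE = re.compile(
    r"\\" + re.escape(SUBDIRECTORY) + r"\\" + re.escape(INSTALL_NAME) + r"\b",
    re.IGNORECASE)
# Any ngrok tunnel endpoint: the exact host:port above is short-lived, the service is not.
NGROK_RE = re.compile(r"\.ngrok\.io$", re.IGNORECASE)


def check_registry(ev):
    """Sysmon EventID 13: check the Run value name and the data it points to
    separately, so a renamed binary still trips the first rule and a different
    value name still trips the second."""
    hits = []
    if RUN_VALUE_RE.search(ev.get("TargetObject", "")):
        hits.append(("quasar_run_value_name", "high"))
    if INSTALL_PATH_RE.search(ev.get("Details", "")):
        hits.append(("quasar_install_path", "high"))
    return hits


def check_network(ev):
    """Sysmon EventID 3: exact C2 match is high confidence, any ngrok host medium."""
    host = ev.get("DestinationHostname", "")
    port = int(ev.get("DestinationPort") or 0)   # Sysmon exports the port as text
    if host.lower() == C2_HOST and port == C2_PORT:
        return [("quasar_c2_exact", "high")]
    if NGROK_RE.search(host):
        return [("ngrok_tunnel_destination", "medium")]
    return []


def check_process(ev):
    """Sysmon EventID 1: the dropped client starting from its install path."""
    if INSTALL_PATH_RE.search(ev.get("Image", "")):
        return [("quasar_install_path", "high")]
    return []


CHECKS = {13: check_registry, 3: check_network, 1: check_process}


def hunt(lines):
    """Run the applicable check over newline-delimited JSON events and return
    (line_number, rule, severity) tuples for every hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for rule, sev in CHECKS.get(ev.get("EventID"), lambda _ev: [])(ev):
            findings.append((n, rule, sev))
    return findings


# Constructed sample events (not from the sandbox run): three malicious, two benign.
# Event 4 has "System32" in its image path and must NOT trip the install-path rule.
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\System32",
     "Details": r'"C:\Users\u\AppData\Roaming\SubDir\Client.exe"'},
    {"EventID": 3, "DestinationHostname": "6.tcp.ngrok.io", "DestinationPort": "16799"},
    {"EventID": 3, "DestinationHostname": "0.tcp.ngrok.io", "DestinationPort": "12345"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe"'},
]]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Feed the script real Sysmon events exported as NDJSON (one JSON object per line with the Sysmon field names) to use it beyond the constructed sample; the exact-C2 rule is the one to retire first once the ngrok tunnel changes.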