General
Target: 2024-04-16_bc03059f709594662ca9f9f0e33bc7bd_icedid_xrat
Size: 4.7MB
Sample: 240416-svqrwafa91
MD5: bc03059f709594662ca9f9f0e33bc7bd
SHA1: b7dc7b3175d7d99714280629c232788f7a7b8e18
SHA256: 5855aec848037736bc17bb493f326b5354022bba6c3767755dc8a415adc34e2d
SHA512: 60e44dd84172edb91e0d17b9cdd6feadc81502667c0316c7c5bd760d425e667cf2b05e648f7d68aead2911cd4dd28775866cea7e96101fd1514bb183f8514dac
SSDEEP: 98304:yCu0aTxAvr22SsaNYfdPBldt6+dBcjHtKRJ6BrIbzZ6IbzZR:TaN+M7jGI0Hj
Behavioral task
behavioral1
Sample: 2024-04-16_bc03059f709594662ca9f9f0e33bc7bd_icedid_xrat.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Tag: Office04
C2: mx5.deitie.asia:4495
Mutex: ebbf737a-dddd-43dd-9b0a-74831302455d
encryption_key: F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
(The Version, Tag, C2 and Mutex labels follow the Quasar client settings layout; the extractor output listed those four values without field names. "Office04" is the builder's default tag, so it does not identify a specific campaign on its own.)
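The extracted values above are directly usable as host and network indicators: the C2 host and port, the mutex name, the install path fragment subdirectory\install_name, and the Run-key value name taken from startup_key. The script below is an added example, not part of this report or of the Quasar project; it derives matchers from the config and runs them over a handful of constructed telemetry lines in a made-up `ts|type|k=v|...` format. Two things are assumptions rather than facts the report states: that the client is written to <builder-chosen directory>\SubDir\Client.exe (so only the trailing path is matched), and that persistence is a HKCU ...\CurrentVersion\Run value named after startup_key (consistent with the "Drops startup file" signature, but the report does not show the key).

```python
"""Turn the extracted Quasar config into indicators and scan constructed telemetry.

Added example for this report page; the telemetry format and the sample events
are constructed for illustration and are not sandbox output.
"""
from dataclasses import dataclass

# Values copied from the extracted config on this page.
QUASAR_CONFIG = {
    "c2": "mx5.deitie.asia:4495",
    "mutex": "ebbf737a-dddd-43dd-9b0a-74831302455d",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Quasar Client Startup",
}


def build_indicators(cfg):
    """Normalise the raw config values into comparable indicators."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        # Assumption: client lands at <install dir>\<subdirectory>\<install_name>.
        # The install dir is a builder choice absent from the config, so match
        # only on the trailing path.
        "install_suffix": f"\\{cfg['subdirectory']}\\{cfg['install_name']}".lower(),
        # Assumption: persistence is a Run value named after startup_key.
        "run_value_name": cfg["startup_key"].lower(),
    }


@dataclass
class Hit:
    line_no: int
    pid: int
    indicators: list


def parse_event(line):
    """Constructed format: ts|type|k=v|k=v ... (no pipes inside values)."""
    ts, etype, *kv = line.split("|")
    fields = dict(part.split("=", 1) for part in kv)
    return ts, etype, fields


def match_event(etype, f, ioc):
    """Return the list of indicator names an event matches, in check order."""
    found = []
    if etype == "netconn":
        host, _, port = f.get("dst", "").rpartition(":")
        if host.lower() == ioc["c2_host"]:
            # Same host on another port is still worth a weaker hit.
            found.append("c2_host")
            if port.isdigit() and int(port) == ioc["c2_port"]:
                found.append("c2")
    elif etype == "dns":
        if f.get("query", "").lower().rstrip(".") == ioc["c2_host"]:
            found.append("c2_dns")
    elif etype == "regset":
        key = f.get("key", "").lower()
        if key.endswith("\\currentversion\\run") and f.get("name", "").lower() == ioc["run_value_name"]:
            found.append("startup_key")
    elif etype == "mutex":
        if f.get("name", "").lower() == ioc["mutex"]:
            found.append("mutex")
    # Any event may carry the install path, as the acting image or a Run value.
    if (f.get("image", "").lower().endswith(ioc["install_suffix"])
            or ioc["install_suffix"] in f.get("value", "").lower()):
        found.append("install_path")
    return found


def scan(lines, ioc):
    hits = []
    for n, line in enumerate(lines, 1):
        _, etype, f = parse_event(line)
        found = match_event(etype, f, ioc)
        if found:
            hits.append(Hit(n, int(f.get("pid", -1)), found))
    return hits


def summarize(hits):
    """Map pid -> sorted list of distinct indicators seen for that process."""
    per_pid = {}
    for h in hits:
        per_pid.setdefault(h.pid, set()).update(h.indicators)
    return {pid: sorted(s) for pid, s in per_pid.items()}


# Constructed telemetry: one infected process (pid 1337), one benign browser
# that happens to reach the C2 host on 443, one benign Run value.
SAMPLE_EVENTS = [
    "2024-04-16T10:01:02Z|netconn|pid=1337|image=C:\\Users\\u\\AppData\\Roaming\\SubDir\\Client.exe|dst=MX5.deitie.asia:4495",
    "2024-04-16T10:01:02Z|dns|pid=1337|query=mx5.deitie.asia.",
    '2024-04-16T10:01:03Z|regset|pid=1337|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|name=Quasar Client Startup|value="C:\\Users\\u\\AppData\\Roaming\\SubDir\\Client.exe"',
    "2024-04-16T10:01:05Z|mutex|pid=1337|name=ebbf737a-dddd-43dd-9b0a-74831302455d",
    "2024-04-16T10:02:00Z|netconn|pid=4242|image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|dst=mx5.deitie.asia:443",
    "2024-04-16T10:02:10Z|regset|pid=900|key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|name=OneDrive|value=C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
]

if __name__ == "__main__":
    ioc = build_indicators(QUASAR_CONFIG)
    for pid, names in summarize(scan(SAMPLE_EVENTS, ioc)).items():
        print(pid, names)
```

Matching is exact on host, mutex and Run value name and suffix-based on the path, so a renamed install directory still matches while a different Quasar build with its own mutex and C2 does not; the weaker `c2_host` hit is kept separate from the full host-and-port match so an analyst can triage it differently.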
Targets
Target: 2024-04-16_bc03059f709594662ca9f9f0e33bc7bd_icedid_xrat
Signatures
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL