General
-
Target
jstr-built.bat
-
Size
1.8MB
-
Sample
240417-atkv5agf26
-
MD5
6152646d22fa2dfddf47c46a854a04bb
-
SHA1
b0741da3d0cb9d00bc583e5acc11db419fd1de61
-
SHA256
f86ebcd90755fdc28403d64a74ecb638fcae11d51888acca92975cc72902e2d5
-
SHA512
9542dc77487b0abf82bbeff4fd09c35958344855c7825a4b2ce2ee6bd887eb584b7e1c6ea900b1210b130dd70184d5ca66f7a2de7e9e90ef85c403261841840c
-
SSDEEP
49152:lb7smSSlM/MByDVR/aFPxB0snxHsgfM+DLHeD:2
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Slave
127.0.0.1:80
0.tcp.ngrok.io :19607
569bd8bb-286e-475a-a912-45ea94f9c8b7
-
encryption_key
1AF7C677BDE3B8255A8F16FC1CA9D8C708B5355F
-
install_name
system32 QC.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Update
-
subdirectory
Windows QC
Targets
-
-
Target
jstr-built.bat
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-