General
-
Target
fe4ed0e2c6d830596d168ee32dc8a44239ca1705635187f67a0e40234c0f4c14
-
Size
180KB
-
Sample
240417-rcq49aah95
-
MD5
0f97ded4f9f47b2e869905c0d09825cc
-
SHA1
9c299a70a7371d1203f0e38e8d71ee1436f20808
-
SHA256
fe4ed0e2c6d830596d168ee32dc8a44239ca1705635187f67a0e40234c0f4c14
-
SHA512
50b713a2b014ca9c3bd6234d93bdf93ab69abc42f6d1da7dd63fd7bf10e3ccdc8c05f0779d973c6e0f0e842d5043607d4fa7d80dd0c21ecb9fffa56be798187c
-
SSDEEP
3072:GZ+S8N2b0QchgAem/QFQn0p/OPqeMSyMZqMpJjiqDZ59BGEYB91nNl2zrwAcL/Nt:g+S8I4om/xn0EPuMq2JjiqL9RYlNlLNt
Behavioral task
behavioral1
Sample
83892117f96867db66c1e6676822a4c0d6691cde60449ee47457f4cc31410fce.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
qztadmin.duckdns.org:9782
QSR_MUTEX_YMblzlA3rm38L7nnxQ
-
encryption_key
mDf8ODHd9XwqMsIxpY8F
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
Target
83892117f96867db66c1e6676822a4c0d6691cde60449ee47457f4cc31410fce.exe
-
Size
348KB
-
MD5
0a7dccc3c8dd419560ac4bdb8440b77a
-
SHA1
74a2fe4ca4888ac962b1737af6dc2b58f78048c7
-
SHA256
83892117f96867db66c1e6676822a4c0d6691cde60449ee47457f4cc31410fce
-
SHA512
637b9a964954b52986eea5fecc4093ac57f7bff690220bc0f0785c043d327259ba2c372b2c0fba1ec5588fc66bda593009fb8f74b3915fc3561e7fda9b92787c
-
SSDEEP
6144:+rNHXf500MsbudVpDxWUb2Nsto/pKujjY/R3K:Yd505dVyrsWMuvYZ3K
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-