General
-
Target
3e367077b9f51162b57d557b4d4373fd32384529a5a4494ebde24a70ae8584ee
-
Size
180KB
-
Sample
240417-rpxgssdb6w
-
MD5
0b211dde7541cd1b9027fd1da2d9792c
-
SHA1
dfd592f1c6696ced7129d44c5c703b603412a35d
-
SHA256
3e367077b9f51162b57d557b4d4373fd32384529a5a4494ebde24a70ae8584ee
-
SHA512
8d09300aa4f00aae63bb78e5abcca5174e6feda4dbb74c6db879d6011a83f484532a3ad74cf3a34a0f70e3f2f31b9795096666988d62e7479497e736614644e4
-
SSDEEP
3072:1Z8MpgCCNUXwWniWvm3/deK3E0jsul43eN1oTr5nt2yJlJb1v2GugOyfj2YT4:1ZrJX1MsYl4uLept2yJZvriYT4
Behavioral task
behavioral1
Sample
d13a25f8c9dcf0cd27369a3889e37cfa00801ccaf9ac0a5da9e68d6b9cade24b.exe
Resource
win7-20240215-en
Malware Config
Extracted
quasar
1.3.0.0
Office04
contodapug.con-ip.com:3000
QSR_MUTEX_l1M93VuqIyiH8hEQ4I
-
encryption_key
rsiMb9hEmi3ZSrW5tyPG
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
d13a25f8c9dcf0cd27369a3889e37cfa00801ccaf9ac0a5da9e68d6b9cade24b.exe
-
Size
348KB
-
MD5
d554b7ab2ef4f1699f6d77ceb470d01e
-
SHA1
a77b165e67682ef32c10f9e4dc4a235f4cc9e01c
-
SHA256
d13a25f8c9dcf0cd27369a3889e37cfa00801ccaf9ac0a5da9e68d6b9cade24b
-
SHA512
e96539eff34e66ff587c787b90e29181a0167fc0fa2c2ae9fd0208f80fe2b2df2c9ce1f4b2f5c1e65235f3d22b9e02f31ea83357481b23019306120c3fae92c6
-
SSDEEP
6144:bzNHXf500M2zw/HXLo6K2bXZvWhJzAUKIVZA6:/d50oUHXlKKhvIE6
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-