General
Target: Uni.bat
Size: 1.8MB
Sample: 240421-b4jlgsga9w
MD5: 14516087f9549022d5582272910428b1
SHA1: 53324370839fa1c07bfa42cf7cb3039513805d42
SHA256: 745517dc1c6f989b9882959b31d34621c3a25dde79054f29ff6d7539a603ea3e
SHA512: cda051bfe205763fe10c9b6970e3b56c4a6044d42d30c8f5ff1b722318c3b69aa1e86c898f4cb70d6e9c4846db8701e7c85b31c4356bf88ca1a8915bb2e0250f
SSDEEP: 24576:Kn1j2//LtzVBqLoCQw/376Fx2S6aryOdijwog7h66zQIG9GcQ0clANNPny:KdMW+wf+UAwIvczy
Static task
static1
Malware Config
Extracted
quasar
1.4.1
SLAVE
uk2.localto.net:39077
cc0a2b76-665e-4e16-b318-5ee02270fbcd
encryption_key: D7F09F1F0B9CECC640BA0B3D8975FBE5CED725B5
install_name: UpdateHost.exe
log_directory: Error Logs
reconnect_delay: 3000
startup_key: WOS64
subdirectory: Windows
Targets
-
-
Target
Uni.bat
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-