General
-
Target
ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887
-
Size
3.1MB
-
Sample
240424-21sm4abc6w
-
MD5
9754bcea9ad1e5be5d7edddf86cc8937
-
SHA1
0a7f8c93c0cb54fd832635a3de08c5a9ba58fbb0
-
SHA256
ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887
-
SHA512
2d8c2a0c6e9c7b475bc68cd039a8e7963a2e6ef1782da169d518f6e2a55b353588f9e2852d26cef42511891545a1ca1d2c4397381f63ba020c099f4b545d12a2
-
SSDEEP
49152:7vbI22SsaNYfdPBldt698dBcjHdr+PJHlLoGd0QTHHB72eh2NT:7vk22SsaNYfdPBldt6+dBcjHdr+n
Behavioral task
behavioral1
Sample
ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
77.1000.147.5:5000
8645f334-f417-44f7-8b2f-c2a2593ddd85
-
encryption_key
6DC4F525708459987F1DD5D6736CBEE3F4BF2C3F
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-