General
Target: eb0beafcb365cd20eb00ff9e19b73232.bin
Size: 4.5MB
Sample: 240425-cwwfradh4z
MD5: 8f80cea0fb1a6548d123ab7b79485a03
SHA1: 75089ce182c66f0ce6c5b141a3aac83ebedd4756
SHA256: fbddeaf86a083721946b6a3d9731ca3acea8246d3ee2fc2ee1f75eff2b927d53
SHA512: df5c798271f42d3fcbd6465dcc6c0c771726f2e688962c70309b5fea6751ccc404c137d3b701dd458975eff90456a70717bb11c08046b4e6c6290f46544a7c84
SSDEEP: 98304:laoxqMylE3FVfl3Pm2sWN0zPogWSSE6ffU+bxAzT+RPAx:laoxNyYFVfE2sWNAD6E+bSH+6x

Static task
static1

Behavioral task
behavioral1
Sample: 31b494be325fc9c97031135886454b1370e5e3608c757f74784c6b6fb2fb5c99.exe
Resource: win7-20240221-en

Behavioral task
behavioral2
Sample: 31b494be325fc9c97031135886454b1370e5e3608c757f74784c6b6fb2fb5c99.exe
Resource: win10v2004-20240226-en

Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: Office04
C2: 185.196.10.233:4782
Mutex: b0fcdfbd-bdd4-4a5d-8ab1-7217539d4db6
encryption_key: 0EC03133971030F6D05E6D59F71626F6543BBE65
install_name: gfdgfdg.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: fgfdhdgg
subdirectory: gfgfgf

Targets
Target: 31b494be325fc9c97031135886454b1370e5e3608c757f74784c6b6fb2fb5c99.exe
Size: 6.4MB
MD5: eb0beafcb365cd20eb00ff9e19b73232
SHA1: 1a4470109418e1110588d52851e320ecefcba7de
SHA256: 31b494be325fc9c97031135886454b1370e5e3608c757f74784c6b6fb2fb5c99
SHA512: 8dff151e81b5ce3c4f51b1f24a6e7654c3008d81b6652e6d2f7fabc42d341e9db703b12f83ccf9471514498af3c1763ef97f132ad36302de8ccd984fbf52d52f
SSDEEP: 98304:DpgFmZKkYcZ4YSQrKF78eHm8Xdt6Zz55JJ9enfr:uFmZOcZtrKFFHm8t0NJJo
Score: 10/10
- Quasar payload
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext