General
Target: Client-built.exe
Size: 3.1MB
Sample: 240425-t68mhacg3t
MD5: 1ed54dfe03d72992d7661ac6ffd62686
SHA1: 6b777023a3b095545df12ee5df931dc63931c808
SHA256: 981480ad3e231a6a9c50b5eacb94342a06115115e20ee5c27b06bb5beee54c21
SHA512: adbe3b6b8f3d0c2d080fa25e2f2cad628015d8098ac4dbbad834715a388e9f44af6269d08bb16037c8796676bf3c8c0b42b4ad22e033ca817f0452553fb6ace2
SSDEEP: 49152:UvIqB2ZNag4YgPblSvLo6L2KocUdRJ6fbR3LoGdy8THHB72eh2NT:UvHB2ZNag4YgPblSvL5L2KocUdRJ6x
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240215-en
Malware Config
Extracted
quasar
1.4.1
Office04
Enslotheya2-61094.portmap.host:4782
Enslotheya2-61094.portmap.host:46201
tcp://Enslotheya2-61094.portmap.host:4782
tcp://Enslotheya2-61094.portmap.host:46201
8ea6b073-ee8d-4f7f-8fba-1e280e616d24
encryption_key: 74E1B4AC3CD2ECB5E4C2870E4E135FA00D21CA8C
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-