General
- Target: 0268b6f80286ff64286d42529c76f9e744932ca5a650b7e9ef2c3c0afc01af79
- Size: 3.3MB
- Sample: 240428-wsdlbadd76
- MD5: 88daabfadfec7379a7b25ff1602dd7bd
- SHA1: 65c3f35d7150df340ca797a2662437933178c9b5
- SHA256: 0268b6f80286ff64286d42529c76f9e744932ca5a650b7e9ef2c3c0afc01af79
- SHA512: 7a205e62c3608fcad774dea6384ae7da904a2ba090b9b6f30454bd23eab9f54a1dbaffd72c3534c554c468a5efaa90d75f659e74fdba3ee8581cbb9356c68aa2
- SSDEEP: 49152:7vBt62XlaSFNWPjljiFa2RoUYI1bxNESEgk/iSLoGdDTHHB72eh2NT:7vr62XlaSFNWPjljiFXRoUYIJxbc
Behavioral task
- behavioral1
- Sample: 0268b6f80286ff64286d42529c76f9e744932ca5a650b7e9ef2c3c0afc01af79.exe
- Resource: win7-20240419-en
Malware Config
Extracted
- quasar
- 1.4.1
- Office04
- 192.168.12.185:4782
- 15144cdb-7c06-478d-9be3-8228cfe2eee6
- encryption_key: 5FCAB94261E1E836E0ECC532E93B636646535E65
- install_name: Conhost.exe
- log_directory: Scex
- reconnect_delay: 3000
- startup_key: Google Chrome
- subdirectory: SubDir
Targets
- Target: 0268b6f80286ff64286d42529c76f9e744932ca5a650b7e9ef2c3c0afc01af79
- Size: 3.3MB
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Executes dropped EXE
- Drops file in System32 directory