General
- Target: Encrypted.exe
- Size: 9.0MB
- Sample: 240430-d8832sca51
- MD5: 78c78748cab54dcf941633f5297c1bf6
- SHA1: 0c0ee5e0694315bc3813c95d8561056dd8831bee
- SHA256: 4b3430ba8a4388133716b3747f00e9a98c99f37631aac98a03ff6bc8b674cf1e
- SHA512: d2212b83a7a4ca4d428cb200f45cc723f6f41485ffd7856f6eeba00f86996f584009e3f2fc5bb0230bfaa96e9c75ac08d3a0c56a07fa94b03b5b220e3e63458f
- SSDEEP: 49152:/D34Eaz/gdH5o3T8VNZXPkp33BbXh4cpybjPimb+GbZ16xViBGGxxedCCaU0Ddd9:/EsHiAKJxDhpYqemxkDTfgY
Static task: static1
Behavioral task: behavioral1
- Sample: Encrypted.exe
- Resource: win7-20240221-en
Malware Config
Extracted: quasar
- version: 1.4.1
- tag: Office04
- c2: 93.123.85.108:4782
- mutex: e14b8f59-979b-4ebf-8602-dd3c4d6c301e
- encryption_key: 534734397C0FA9A1D28F061AD75DF4100BFF5787
- install_name: Msconfig.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir
Extracted: quasar
- reconnect_delay: 3000
Targets
- Target: Encrypted.exe
- Size: 9.0MB
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext