General
- Target: clienttdl.exe
- Size: 4KB
- Sample: 240430-d9dcrsca7s
- MD5: 17d8bf8bce96dde9e44d1d610778e963
- SHA1: 21ae4d732a12379749a2f2cb25a60305d68fcc05
- SHA256: a69daec480a6a18ca22d6acdaa79bf8a1f870b7fab8e38dd4fbf7cdcb530eba5
- SHA512: 8537744a4cd3fc4785c27c0a0b703b998152d564db5e2482c94bc9654ad411b40f765078b4b427c671c95ad8dcebf7ebf194ee71ec9db3bf6115cbc136db48e6
- SSDEEP: 96:x+d8EY6Rfd74DHd69sxfNp9nxfpnJd3ojDrl:guEY6Rfd74D969sl9n7nJd+
Static task
- static1

Behavioral task
- behavioral1
  - Sample: clienttdl.exe
  - Resource: win7-20240419-en

Behavioral task
- behavioral2
  - Sample: clienttdl.exe
  - Resource: win10v2004-20240419-en
Malware Config
Extracted: quasar
- 1.4.1
- Office04
- 93.123.85.108:4782
- e14b8f59-979b-4ebf-8602-dd3c4d6c301e
- encryption_key: 534734397C0FA9A1D28F061AD75DF4100BFF5787
- install_name: Msconfig.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: msconfig.exe
- subdirectory: SubDir
Targets
- Target: clienttdl.exe
- Size: 4KB
- MD5: 17d8bf8bce96dde9e44d1d610778e963
- SHA1: 21ae4d732a12379749a2f2cb25a60305d68fcc05
- SHA256: a69daec480a6a18ca22d6acdaa79bf8a1f870b7fab8e38dd4fbf7cdcb530eba5
- SHA512: 8537744a4cd3fc4785c27c0a0b703b998152d564db5e2482c94bc9654ad411b40f765078b4b427c671c95ad8dcebf7ebf194ee71ec9db3bf6115cbc136db48e6
- SSDEEP: 96:x+d8EY6Rfd74DHd69sxfNp9nxfpnJd3ojDrl:guEY6Rfd74D969sl9n7nJd+

Signatures
- Quasar payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory