General
Static task: static1
URLScan task: urlscan1
Malware Config

Extracted
Family: quasar
Version: 1.4.1
Botnet: popbob
C2: 26.54.54.253:4782
Mutex: e68ac88d-83ac-4c28-b500-1c248767b934
Attributes
- encryption_key: DA4DBB9EE2FF6F37FD6386C21A06F055A9BEF02D
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir

Extracted
Family: asyncrat
Botnet: popbobin
C2:
- loan-mode.gl.at.ply.gg:3232
- loan-mode.gl.at.ply.gg:56499
Attributes
- delay: 1
- install: true
- install_file: ooga booga.exe
- install_folder: %AppData%
aes.plain
Targets
- Target: https://github.com/adi33333333334?tab=repositories
  Signatures
  - Quasar payload
  - Async RAT payload
  - Downloads MZ/PE file
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  - Executes dropped EXE
  - Legitimate hosting services abused for malware hosting/C2
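The extracted configs above give the host-side and network-side indicators that matter for hunting: the Quasar C2 26.54.54.253:4782 (4782 is Quasar's default listener port), the AsyncRAT C2 hostname loan-mode.gl.at.ply.gg on ports 3232 and 56499, the Quasar Run-key value name "Quasar Client Startup", and the two drop paths (SubDir\Client.exe and %AppData%\ooga booga.exe). The script below is an added example, not part of the sandbox report, that turns those indicators into matching logic and runs it over constructed Sysmon-style key=value log lines. It assumes Sysmon field names (EventID 1 process create, 3 network connect, 13 registry set, 22 DNS query), that Quasar writes persistence as a value under a ...\CurrentVersion\Run key named after startup_key, and that %AppData% expands to \AppData\Roaming\; the mutex is deliberately not matched because Sysmon does not log mutex creation. Because ply.gg hostnames are playit.gg tunnel endpoints whose resolved address can change, the AsyncRAT rules match on the hostname, not an IP.

```python
"""Hunt for the Quasar / AsyncRAT indicators extracted in this report.

Added example, not part of the sandbox report. Log lines are constructed
in a simplified Sysmon key=value style; field names are an assumption.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the extracted configs on this page.
QUASAR_C2 = {("26.54.54.253", "4782")}
ASYNCRAT_C2_HOST = "loan-mode.gl.at.ply.gg"
ASYNCRAT_C2_PORTS = {"3232", "56499"}
QUASAR_STARTUP_VALUE = "Quasar Client Startup"
# subdirectory + install_name from the Quasar config (lower-cased for matching)
QUASAR_INSTALL_SUFFIX = r"\subdir\client.exe"
# install_folder + install_file from the AsyncRAT config; %AppData% expansion is an assumption
ASYNCRAT_INSTALL_SUFFIX = r"\appdata\roaming\ooga booga.exe"

# Assumption: persistence is a Run-key value named after startup_key.
RUN_KEY_RE = re.compile(
    r"\\CurrentVersion\\Run\\" + re.escape(QUASAR_STARTUP_VALUE) + r"$", re.IGNORECASE
)

# key=value tokens; values may contain spaces (e.g. "ooga booga.exe"), so a value
# runs until the next " key=" token or end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_line(line: str) -> Dict[str, str]:
    """Turn 'EventID=3 DestinationIp=... Image=...' into a dict."""
    return {k: v.strip() for k, v in FIELD_RE.findall(line)}


def classify(ev: Dict[str, str]) -> List[str]:
    """Return the names of every indicator rule the event matches."""
    hits: List[str] = []
    eid = ev.get("EventID")
    if eid == "3":  # network connection
        if (ev.get("DestinationIp"), ev.get("DestinationPort")) in QUASAR_C2:
            hits.append("quasar_c2_connect")
        if (ev.get("DestinationHostname", "").lower() == ASYNCRAT_C2_HOST
                and ev.get("DestinationPort") in ASYNCRAT_C2_PORTS):
            hits.append("asyncrat_c2_connect")
    elif eid == "22":  # DNS query
        if ev.get("QueryName", "").lower() == ASYNCRAT_C2_HOST:
            hits.append("asyncrat_c2_dns")
    elif eid == "13":  # registry value set
        if RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append("quasar_run_key_persistence")
    elif eid == "1":  # process creation
        image = ev.get("Image", "").lower()
        if image.endswith(QUASAR_INSTALL_SUFFIX):
            hits.append("quasar_install_path_exec")
        if image.endswith(ASYNCRAT_INSTALL_SUFFIX):
            hits.append("asyncrat_install_path_exec")
    return hits


def hunt(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Run every rule over every line; return (line number, rule name) hits."""
    found: List[Tuple[int, str]] = []
    for n, line in enumerate(lines, 1):
        for rule in classify(parse_line(line)):
            found.append((n, rule))
    return found


# Constructed telemetry: six lines built from the report's IOCs, two benign.
SAMPLE_LOG = [
    r"EventID=1 Image=C:\Users\bob\AppData\Roaming\ooga booga.exe ParentImage=C:\Users\bob\Downloads\setup.exe",
    r"EventID=22 QueryName=loan-mode.gl.at.ply.gg Image=C:\Users\bob\AppData\Roaming\ooga booga.exe",
    r"EventID=3 Image=C:\Users\bob\AppData\Roaming\ooga booga.exe DestinationHostname=loan-mode.gl.at.ply.gg DestinationPort=56499 Protocol=tcp",
    r"EventID=13 TargetObject=HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Quasar Client Startup Details=C:\Users\bob\AppData\Roaming\SubDir\Client.exe",
    r"EventID=1 Image=C:\Users\bob\AppData\Roaming\SubDir\Client.exe ParentImage=C:\Users\bob\Downloads\setup.exe",
    r"EventID=3 Image=C:\Users\bob\AppData\Roaming\SubDir\Client.exe DestinationIp=26.54.54.253 DestinationPort=4782 Protocol=tcp",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=203.0.113.10 DestinationPort=443 Protocol=tcp",
    r"EventID=1 Image=C:\Windows\System32\notepad.exe ParentImage=C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for line_no, rule in hunt(SAMPLE_LOG):
        print(f"line {line_no}: {rule}")
```

Matching the install paths on a suffix rather than a full path is deliberate: the Quasar config here does not include the install root (only subdirectory and install_name), so the rule should not assume AppData, Program Files or System32. The Run-key rule anchors on the value name only, for the same reason.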