General
Target: ConsoleSniffer.exe
Size: 1.1MB
Sample: 240519-2fw5saeb58
MD5: df5a226b6c70691c85cbf776a17fd221
SHA1: b9007715c4c3775c6df8ad77c745df0ca1f97650
SHA256: 7e5e87faf066201221548d5a8912582d7cdff43dac06331b68aa81a072f8bd21
SHA512: fd0d4d8a86cd155a62dbaa023ee2f6ae83a39d7a7b927aa7401f598b9edbce47ef4bb850f82a76a1f61549357193742541c38468bd3f68f84979dd5b395b136a
SSDEEP: 24576:T4JMDRy3iWOdqZjdV5vQukdLAk+C4j6tqYsbMGYq+OiDnQArGC11W84UQBrPatc8:ToMDY/kL+ClNtn
Static task
static1
Malware Config
Extracted
quasar
1.3.0.0
Target
185.217.1.170:56098
QSR_MUTEX_mXJYTiCQWK23RFk8eh
encryption_key: ieA7XwTMJRwb9d92uUFd
install_name: WindowsRun.exe
log_directory: Logs
reconnect_delay: 300
startup_key: WindowsRuntiime
subdirectory: WindowsRep
Targets
Target: ConsoleSniffer.exe
Quasar payload
Drops file in Drivers directory
Executes dropped EXE
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.