General
-
Target
2024-05-25_74ac1825148109702a52be3db0aefa02_megazord
-
Size
3.9MB
-
Sample
240525-kdkwasbg99
-
MD5
74ac1825148109702a52be3db0aefa02
-
SHA1
3c225c5ac67009f0192e0de457c8ea8b69a68462
-
SHA256
2447438e200ce5fbb043278cd27960bb7ad9c8aa2767fc9331b5150d0b184b99
-
SHA512
b25d6bf9c14a5fa23686ea73df1af4a17a4e8af44cb1beb7490431473f26eb8ec52ebcb47304ef2a44989bd21bb10cfd98cecdb53acc4db306aeee1094a18071
-
SSDEEP
49152:DVNUO/YueL2PYCDbLftqxo1XEC2gFuVoPBsE1/HENJ9WvU:62OMLBryJB
Static task
static1
Behavioral task
behavioral1
Sample
2024-05-25_74ac1825148109702a52be3db0aefa02_megazord.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.3.0.0
software
qassar23.ddns.net:1993
QSR_MUTEX_8qLPsMuUILG0w5xt01
-
encryption_key
FfICOWgR7IOmFn9viaox
-
install_name
Update service.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
software
-
subdirectory
microsofte
Targets
-
-
Target
2024-05-25_74ac1825148109702a52be3db0aefa02_megazord
-
Size
3.9MB
-
MD5
74ac1825148109702a52be3db0aefa02
-
SHA1
3c225c5ac67009f0192e0de457c8ea8b69a68462
-
SHA256
2447438e200ce5fbb043278cd27960bb7ad9c8aa2767fc9331b5150d0b184b99
-
SHA512
b25d6bf9c14a5fa23686ea73df1af4a17a4e8af44cb1beb7490431473f26eb8ec52ebcb47304ef2a44989bd21bb10cfd98cecdb53acc4db306aeee1094a18071
-
SSDEEP
49152:DVNUO/YueL2PYCDbLftqxo1XEC2gFuVoPBsE1/HENJ9WvU:62OMLBryJB
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects executables containing common artifacts observed in infostealers
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-