General
Target: исх. № 203-7-223.exe
Size: 3.9MB
Sample: 240530-lzk9maef48
MD5: b048977c762a6e84a15e1c1902a6dda2
SHA1: 61cde72ee6194ec5ce65a55f96592c4e2ad32991
SHA256: ccf5ca717cb1cb0edc9d4350639b583e48de04fc62728ccf12023145482ad3c5
SHA512: c09aa1871827dc64f9298324354806c38eee72a4e837ec099b7b0ae569ff1231656503d8cb375ba2aaaa7fc2c4f535fde7f91e9f60b5d4c0e75150ae5ceb365b
SSDEEP: 98304:Lxv+7XiqJRaNV+JzRGtDbuxOjy33iVUav:Lxvw0KJEsxsUav
Static task: static1
Behavioral task: behavioral1
Sample: исх. № 203-7-223.exe
Resource: win7-20240220-en
Malware Config
Extracted
quasar
1.4.1
29_05
193.124.33.141:4782
da09c009-cbaa-4e3e-99a0-43ad74359ce0
encryption_key: DD459BB92A43EF8EEB2FE401C8453F685AECE590
install_name: ChromiumDaemon.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Chromium Extentions Service
subdirectory: ChromiumExtentions
Targets
Quasar payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Checks computer location settings (looks up country code configured in the registry, likely geofence)
Drops startup file
Executes dropped EXE
Loads dropped DLL