General
Target: Client-built.exe
Size: 348KB
Sample: 240602-wrdjxsbb73
MD5: 3f99cb13866f63a572bfc49f56e49a21
SHA1: e968e6c46296389f04660d6811298025a5eef76f
SHA256: 45259ac5a1fd635f5b2a41492f4156cc8476afd8e8764a9d61d3158599a75fd8
SHA512: 042bca3a560803e9e3a1704a92278bbb63ffa3c7b7217eb7602a3c0a5b14d4ad71adb92423e937276df4f1e0a31c6c1ab51ef922e2c3d6ded9cded185edbffb2
SSDEEP: 6144:ecEHwNHJsa2x0Kx4IKhIBbIVhpXZVn/DOxpxnKACXsK:nxpsalT5XVhpXHrOxrnLcsK
Behavioral task: behavioral1
Sample: Client-built.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: Client-built.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
quasar
1.3.0.0
Client
runderscore00-61208.portmap.host:61208
QSR_MUTEX_UyCo16EyzQLUNZiVH0
encryption_key: AaATXyVYZ9AKtrWxhyCz
install_name: Client.exe
log_directory: Keylogs
reconnect_delay: 3000
startup_key: Powershell
subdirectory: SubDir
Targets
Target: Client-built.exe
-
Quasar payload
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-