General
-
Target
fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa
-
Size
348KB
-
Sample
240606-wd77dahe2s
-
MD5
fdee5aaea30d1a49dbcdc04ac7b82bf8
-
SHA1
b3ae176ea254e1f4c1eca52e1336b6ec48eed623
-
SHA256
fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa
-
SHA512
21ce2507d379613e463c1bec8297f81f11fa4bf98cc5c4618ece3b6c548575b4c645696d315356f13fd8b2f34a856d18b8af94014df87e7a91a94a7d87cc9b8c
-
SSDEEP
6144:KzNHXf500M+xMMxnHRb/e7OZuNpWiZpjXu:0d50AMMV9e6ZWDZpjXu
Behavioral task
behavioral1
Sample
fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa.exe
Resource
win11-20240508-en
Malware Config
Extracted
quasar
1.3.0.0
pc da escola
179.98.34.150:7777
QSR_MUTEX_PElJTa6xx7XbLNJTpx
-
encryption_key
l9FCBP3JKJkND0t2dtN5
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa
-
Size
348KB
-
MD5
fdee5aaea30d1a49dbcdc04ac7b82bf8
-
SHA1
b3ae176ea254e1f4c1eca52e1336b6ec48eed623
-
SHA256
fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa
-
SHA512
21ce2507d379613e463c1bec8297f81f11fa4bf98cc5c4618ece3b6c548575b4c645696d315356f13fd8b2f34a856d18b8af94014df87e7a91a94a7d87cc9b8c
-
SSDEEP
6144:KzNHXf500M+xMMxnHRb/e7OZuNpWiZpjXu:0d50AMMV9e6ZWDZpjXu
Score10/10-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-