General
Target: tt.dll
Size: 701KB
Sample: 240626-wh19mavhme
MD5: 06a20e5e74f5ac4e9401e6b2fdee792a
SHA1: e3f3ebc5a0fc959e71c5479bbb84eee447b847c1
SHA256: 04d9a18f7d512ef8f93c21981c9f19eb292c030444d5677eab66112048fc5878
SHA512: cec70c451d92fcefd0ae643cd882dea156b60d3f7451dfbad1c6789c6e361491252bdbd42cf772a4b7972def07c1a37692792856887abd611acbe84de0ff86d4
SSDEEP: 12288:3X5xda/HVGO7BKXTBUi5xhIQub/9DqdIF4UzV3a58tQG5:LdaPVGOlu7Hub/9hF4UE58mG
Static task: static1
Behavioral task: behavioral1
Sample: tt.dll
Resource: win7-20240419-en
Malware Config
Extracted
quasar
1.4.0.0
bhm
134.122.3.3:8888
bS2FweHbmsGvSoaeif
encryption_key: uLtwgUQwj4RmeWCoiXJv
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: tt.dll
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-