General

Target: SOOS.BAT
Size: 409KB
Sample: 240627-bw62tavhmf
MD5: 9137a809697df320b8ff83a42d494cd1
SHA1: a0cc0aa7e4738a7fec2ec471ef097699c5cbf427
SHA256: d3a37a5309c003b80f594e9e89638d315b3490c6a31e96d5b1aa709f81f9f1f3
SHA512: 4a2ee72a71b6c6e59ab92717f4e85ef9a9e8ff8234543aab40e3ace94fc8c0499b7a8a7622017c11877d8657a6dec9c52abd055869d4b05a305fbac23f74570f
SSDEEP: 6144:3M99p1kREG60olEpXPSzCOVC47XF9EKlPlSbWODeKV6V5OYoR0AWSqS:SpiREGJLpXPSnh0DeKV6V5noDW5S

Malware Config

Extracted: quasar
Version: 3.1.5
C2: put-kenny.gl.at.ply.gg:3357
$Sxr-GV6wZsGZZMeZ3qfenc
encryption_key: whtkhgSUV97PQQR3Udrc
install_name: Client.exe
log_directory: Logs
reconnect_delay: 1
startup_key: Windows Defender Anti-Malware Disable Startup
subdirectory: SubDir
Targets

Target: SOOS.BAT
Size: 409KB
MD5: 9137a809697df320b8ff83a42d494cd1
SHA1: a0cc0aa7e4738a7fec2ec471ef097699c5cbf427
SHA256: d3a37a5309c003b80f594e9e89638d315b3490c6a31e96d5b1aa709f81f9f1f3
SHA512: 4a2ee72a71b6c6e59ab92717f4e85ef9a9e8ff8234543aab40e3ace94fc8c0499b7a8a7622017c11877d8657a6dec9c52abd055869d4b05a305fbac23f74570f
SSDEEP: 6144:3M99p1kREG60olEpXPSzCOVC47XF9EKlPlSbWODeKV6V5OYoR0AWSqS:SpiREGJLpXPSnh0DeKV6V5noDW5S

Signatures:
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.