General
- Target: SOOS.BAT
- Size: 409KB
- Sample: 240627-bxzzwsvhra
- MD5: ec30cc1b42fa77bd6cf1939c36e9bf45
- SHA1: 2c135066690905a45988ab4cc9e41c23e609846e
- SHA256: a2fa0250843e7ada653086224913ebcb48bb47d5de5c738dc0e5367af863a3ae
- SHA512: 2610c655abbf162bae1620aa02e29774c5324b7b831cd76505999a12ca4fa2706a5a6479c8a7c553d480569a8e93322bbc9e34e9a37705171714ce0ee51dcbd7
- SSDEEP: 6144:RM99p1kREG60olSLzNUrUFLzG79XFHg60e1qpzbP7ZCjUb1P3SXhxu332oOwuSgo:gpiREGJxzNUrU9G7yNGxEmAuSz
Malware Config
Extracted
- quasar
- 3.1.5
- .
- put-kenny.gl.at.ply.gg:3357
- $Sxr-GV6wZsGZZMeZ3qfenc
- encryption_key: rn7eoqYIHaNURuVxooma
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 1
- startup_key: Windows Defender Anti-Malware Disable Startup
- subdirectory: SubDir
Targets
- Target: SOOS.BAT
- Size: 409KB
- MD5: ec30cc1b42fa77bd6cf1939c36e9bf45
- SHA1: 2c135066690905a45988ab4cc9e41c23e609846e
- SHA256: a2fa0250843e7ada653086224913ebcb48bb47d5de5c738dc0e5367af863a3ae
- SHA512: 2610c655abbf162bae1620aa02e29774c5324b7b831cd76505999a12ca4fa2706a5a6479c8a7c553d480569a8e93322bbc9e34e9a37705171714ce0ee51dcbd7
- SSDEEP: 6144:RM99p1kREG60olSLzNUrUFLzG79XFHg60e1qpzbP7ZCjUb1P3SXhxu332oOwuSgo:gpiREGJxzNUrU9G7yNGxEmAuSz
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.