General
- Target: 30c381a042e571d4d749f7aff6e1b17d77100ad35368c9a67136c1b5436c79cb.exe
- Size: 3.1MB
- Sample: 240721-jld72sybjp
- MD5: 9167d3b0a23d7297adec5765d95085e8
- SHA1: aac8386cbce54562957aadb0dc7fe8e6e231cae3
- SHA256: 30c381a042e571d4d749f7aff6e1b17d77100ad35368c9a67136c1b5436c79cb
- SHA512: 4e61f54e241ae253bcadd97cbd85db92947d6f9aa5df6c592d351bd69efd85a264ae3530e0aec00c41ce337ce0065709ec5c03759d6b3ce6a414500a6d03e695
- SSDEEP: 49152:XvGhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaCO1TqMartToGd3THHB72eh2NT:Xvot2d5aKCuVPzlEmVQ0wvwfvxqb
Behavioral task
- behavioral1
- Sample: 30c381a042e571d4d749f7aff6e1b17d77100ad35368c9a67136c1b5436c79cb.exe
- Resource: win7-20240708-en
Malware Config
Extracted
- quasar
- 1.4.1
- Office04
- Jamalhacker-55716.portmap.host:55716
- d9a4b732-5ed3-49c0-a650-198571d9b9a9
- encryption_key: A02B54BA4DB9446C1CB7FBE79D3509275E1D59B9
- install_name: Windows defender.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Windows defender backup
- subdirectory: SubDir
Targets
- Target: 30c381a042e571d4d749f7aff6e1b17d77100ad35368c9a67136c1b5436c79cb.exe
- Size: 3.1MB
- Quasar payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory