General
Target: Update.bat
Size: 328KB
Sample: 240722-ewmvqawemf
MD5: 3259c1bdc1ae4f60a513662a01d5afd2
SHA1: b3199b5f291df56d4ae2c97b2c8a545acc155041
SHA256: eea2dda0776cbf7f56bf73adc3da633e854ff44e7b68e778a4e9742c0ed77fc6
SHA512: ff32e3bc66b02e49c9c3a5f2b89a228bbf19bdf60726531baae215d980ae235c67d1bf72e7f36b69b68fb86f38af521dc4ce459ad20023a9665916742470f08e
SSDEEP: 6144:wM8EPSig+RCN4pIBAZDIVe7TEQP+jkM1w1CJPCFg45BiXmTuYT:wSSicap7I6TEQGYMeCJKFg45omT3T
Static task: static1
Behavioral task: behavioral1
Sample: Update.bat
Resource: win10-20240404-en
Malware Config
Extracted: quasar
3.1.5
Office04
late-mills.gl.at.ply.gg:21882
$Sxr-GA3W8c5c96zLDbSSVg
encryption_key: bKtC4p0FyTyeoqDbfF6G
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: SeroXen Client Startup
subdirectory: SubDir
Targets
Target: Update.bat
- Quasar payload
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.