General
-
Target
07412fb8708bdbd23115743c4856981eb03873b755d0fbd4ec7745a642dff25c.exe
-
Size
13KB
-
Sample
240722-selg8atcqg
-
MD5
17db34e555e545ce20f804526a31ed48
-
SHA1
ab18d1d10a85f9e04ed0f04df592e502a54d406b
-
SHA256
07412fb8708bdbd23115743c4856981eb03873b755d0fbd4ec7745a642dff25c
-
SHA512
925776bb12d3c30c9688adadb4ebc006901bbd8e8c65535af8eddafd18e19e38135d2e734a144ee2e2d66d92fea5a59ac4925836227dc6af11ecca2788ce2aeb
-
SSDEEP
384:r7sBDLLNnwR1VvzbL7MCa2l0/NHyq4b3dY6Er:r7aw3Vb0xVdsNGr
Static task
static1
Behavioral task
behavioral1
Sample
07412fb8708bdbd23115743c4856981eb03873b755d0fbd4ec7745a642dff25c.exe
Resource
win7-20240704-en
Malware Config
Extracted
quasar
1.4.1
Office04
85.28.47.123:4782
37891bd4-27a1-4fb6-aecb-ba06bb063e71
-
encryption_key
7970C2029EDBB83E6BD65073BE18684AC9FF3F48
-
install_name
KR6nDu9fLhop1bFe.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
defender.proces
-
subdirectory
SubDir
Targets
-
-
Target
07412fb8708bdbd23115743c4856981eb03873b755d0fbd4ec7745a642dff25c.exe
-
Size
13KB
-
MD5
17db34e555e545ce20f804526a31ed48
-
SHA1
ab18d1d10a85f9e04ed0f04df592e502a54d406b
-
SHA256
07412fb8708bdbd23115743c4856981eb03873b755d0fbd4ec7745a642dff25c
-
SHA512
925776bb12d3c30c9688adadb4ebc006901bbd8e8c65535af8eddafd18e19e38135d2e734a144ee2e2d66d92fea5a59ac4925836227dc6af11ecca2788ce2aeb
-
SSDEEP
384:r7sBDLLNnwR1VvzbL7MCa2l0/NHyq4b3dY6Er:r7aw3Vb0xVdsNGr
-
Quasar payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-