General
- Target: 159f657fbcc6e984293395b6c292b57bcdb6ebdc9cd5fd8551452260a99299ed.exe
- Size: 10.9MB
- Sample: 240726-bz1n7s1dra
- MD5: 84437f486f1e217d9632eb422501fe71
- SHA1: 21d6b1b128f29b449769f73ad30144da25429a8b
- SHA256: 159f657fbcc6e984293395b6c292b57bcdb6ebdc9cd5fd8551452260a99299ed
- SHA512: c766fd25e3b3e95ddf3bb7750c5dac381c9be30a16f539534009a83295832f8c4cb6b325806c3d2115ad0f97fff7fd3192386f6a8296aeb7d6393b174390209e
- SSDEEP: 196608:K1ZYTxxaKXrPz9H2P/+BluqDpjiK299pl8sj864GjID4C8:DsKXnVDRQKshr864GjID4C8
Behavioral task: behavioral1
- Sample: 159f657fbcc6e984293395b6c292b57bcdb6ebdc9cd5fd8551452260a99299ed.exe
- Resource: win7-20240704-en
Malware Config
Extracted
- Family: quasar
- Version: 1.4.1
- Botnet: Office04
- C2: 127.0.0.1:4782
- Mutex: 81e63d28-e2f8-444a-a65c-9e2953d9fccc
- encryption_key: 9128320CBAFA989ABD1806CCB3DFAA229DAC9EC0
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir
Targets
- Target: 159f657fbcc6e984293395b6c292b57bcdb6ebdc9cd5fd8551452260a99299ed.exe
- Size: 10.9MB
- MD5: 84437f486f1e217d9632eb422501fe71
- SHA1: 21d6b1b128f29b449769f73ad30144da25429a8b
- SHA256: 159f657fbcc6e984293395b6c292b57bcdb6ebdc9cd5fd8551452260a99299ed
- SHA512: c766fd25e3b3e95ddf3bb7750c5dac381c9be30a16f539534009a83295832f8c4cb6b325806c3d2115ad0f97fff7fd3192386f6a8296aeb7d6393b174390209e
- SSDEEP: 196608:K1ZYTxxaKXrPz9H2P/+BluqDpjiK299pl8sj864GjID4C8:DsKXnVDRQKshr864GjID4C8
Signatures
- Quasar payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL