General
-
Target
49416c6ff8ab8acdb58cc76313b37e40N.exe
-
Size
7.3MB
-
Sample
240726-ya2xastbph
-
MD5
49416c6ff8ab8acdb58cc76313b37e40
-
SHA1
6ef696eebbe4044a1042ecf05da6165b866f7c7f
-
SHA256
e8495cf162901ea41b563416d6bae7314fc326153909fc4dc2fbf3789bb4ddce
-
SHA512
bce5705d168ae73910503d588b282ab9f4a133e06df9ba0abfff26d570e5eca12c333d9918adc35f4ff3320eeebf8508807ecf8b686058bab6fab8301641cb33
-
SSDEEP
98304:YvA22SsaNYfdPBldt6+dBcjHzwRJ6q3uJn/ML1u+GgQMn4c7/u4k4m97os4s4kB2:G17jKf3cML1u+GgV77/kZoWt7SovTTGj
Behavioral task
behavioral1
Sample
49416c6ff8ab8acdb58cc76313b37e40N.exe
Resource
win7-20240704-en
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Extracted
quasar
1.4.1
Office04
HuntyLeCrack-34455.portmap.host:34455
c0bb0db4-b3db-4375-8023-6295f7dafdfb
-
encryption_key
1F0B9B038FAD9F718417CAD9EA9E69943C71D876
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Updater
-
subdirectory
SubDir
Targets
-
Quasar payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-