General
-
Target
Stub.bat
-
Size
1.8MB
-
Sample
240805-1nxwlstbje
-
MD5
042c0717f5118b9f85bfb0790597f3d7
-
SHA1
ee93298d13751354c9e900af3595f22dfbffdedc
-
SHA256
2528f2829ab08c1db011c5e59e7e724a263c839ffd7f216927e49289f746c0c6
-
SHA512
d3fcc52aeef8d5d86f8396dc90e3fbb0eab1b9a4dbf193cae918f149cfa5ee3c000705904b33c6d6c42f93218f3ad71c86bf7b263020d6acd39bc8c01aa8329e
-
SSDEEP
24576:r0mpTJa6dpWQ04Bx+p+ZVf/IxgcccX8Ors/ORFUHh4ixecaocgUZSD9RRyGGDJ+k:rna6jxxAtTn0xe3nUUD4brUd7Ku
Static task
static1
Behavioral task
behavioral1
Sample
Stub.bat
Resource
win7-20240704-en
Malware Config
Extracted
quasar
1.4.1
Office04
147.185.221.20:18563
147.185.221.20:9835
c2e1b18a-ce93-436d-ad8b-21bf89015e19
-
encryption_key
9E968F05BD874BA1BE086FD1774A027473823F49
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
Quasar payload
-
Blocklisted process makes network request
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-