General
-
Target
skibidirat.exe
-
Size
3.1MB
-
Sample
240805-jythhavcmb
-
MD5
797c5548befc52f7b0dbedc8e6172184
-
SHA1
05e5fd623d589e9790e648348f05e317d926b8c4
-
SHA256
62e9fdaaf90da01ef28a26823e3442d73b93dc0e23d93139df631701cf6da260
-
SHA512
2ed20953b97ae2a2dfad7735dcef327f69cd08e9d2acaefd7a23dec0890463dd5a97c5cb1fb54634a052613b55752fc3ce624939dd89ef85bcdae5d46a19e0b5
-
SSDEEP
49152:xHobtR1o2PmNXo7WCr5Ft4Rw8FcXrYd+THHB72eh2NT:xHmRvmNXo7WCr5+w8A
Behavioral task
behavioral1
Sample
skibidirat.exe
Resource
win7-20240729-en
Malware Config
Extracted
quasar
1.4.1
Office04
147.185.221.18:42996
147.185.221.18:1770
c2e1b18a-ce93-436d-ad8b-21bf89015e19
-
encryption_key
9E968F05BD874BA1BE086FD1774A027473823F49
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
skibidirat.exe
-
Size
3.1MB
-
MD5
797c5548befc52f7b0dbedc8e6172184
-
SHA1
05e5fd623d589e9790e648348f05e317d926b8c4
-
SHA256
62e9fdaaf90da01ef28a26823e3442d73b93dc0e23d93139df631701cf6da260
-
SHA512
2ed20953b97ae2a2dfad7735dcef327f69cd08e9d2acaefd7a23dec0890463dd5a97c5cb1fb54634a052613b55752fc3ce624939dd89ef85bcdae5d46a19e0b5
-
SSDEEP
49152:xHobtR1o2PmNXo7WCr5Ft4Rw8FcXrYd+THHB72eh2NT:xHmRvmNXo7WCr5+w8A
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-