General
- Target: 2024-08-06_3a17772d2540ed014741e236f6c30fd9_icedid_poet-rat_quasar-rat_xrat
- Size: 4.8MB
- Sample: 240806-awt7ksxdpg
- MD5: 3a17772d2540ed014741e236f6c30fd9
- SHA1: e7c536f209c05680b4a2e123b2e260a2886b84a3
- SHA256: 1a66aae122d7e5e31e88b8965f39e81933853528172ec885d0fd7250f1b4b1e9
- SHA512: 7b3fd1e706dddab1a3b1f3d9c49557dae852a31890354d89c46a99ba7c8460676e28a31e306d8901e15dbf748ca7679b535709b758d2df3902d24d74a5f2b210
- SSDEEP: 98304:u7CuwhYbivr22SsaNYfdPBldt6+dBcjHtKRJ6BjIbzZNIbzZY:enEM7jGI8EK
Behavioral task
- Task: behavioral1
- Sample: 2024-08-06_3a17772d2540ed014741e236f6c30fd9_icedid_poet-rat_quasar-rat_xrat.exe
- Resource: win7-20240708-en
Malware Config
Extracted
- Family: quasar
- Version: 1.4.1
- Office04
- C2: mx5.deitie.asia:4495
- ebbf737a-dddd-43dd-9b0a-74831302455d
- encryption_key: F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir
Targets
- Quasar payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL