General
-
Target
8e4b03326da8410bfdf148a4e8f16d30N.exe
-
Size
1.6MB
-
Sample
240806-lncs4szdjg
-
MD5
8e4b03326da8410bfdf148a4e8f16d30
-
SHA1
70f5283a78c6b2299ce634e46a53da08ebda6a3f
-
SHA256
8f184572b6aa8674cb0f4c5063268f2270b992e31b9f6f970a96e384e2b2462f
-
SHA512
a256a9bc2739d7b9f6dcd631438ec62c39e084f4e40e474501a1ad1c9d277fe14258fe84cd434a51751011028413ac7d5261cbe6208baf7e59cda798ebb03513
-
SSDEEP
24576:hEeqQq3K9YIrFiM6MKDXAW5cXRpRyhoVbbnbiG+Jmjdeex9QHJQj6eR4d286ox:hEuq6KIPPYcB72mZ33LZ4d36K
Static task
static1
Behavioral task
behavioral1
Sample
8e4b03326da8410bfdf148a4e8f16d30N.exe
Resource
win7-20240704-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.56.1:4782
cd908738-16a9-4ffb-bb3c-998c796dbba0
-
encryption_key
9ADFCC480992B53D083A408F972D6494741286BE
-
install_name
Windows Defender.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
8e4b03326da8410bfdf148a4e8f16d30N.exe
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-