General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Family: quasar
Attributes
- encryption_key: 3F319A19AC5FD2CF97521E439597AF0457B5E047
- reconnect_delay: 3000
Targets
-
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
- Drops file in System32 directory
- Suspicious use of SetThreadContext