General
- Target: QS1.exe
- Size: 3.3MB
- Sample: 240925-ja1lxasgjl
- MD5: 407da4828b3b9126d6a0b6aa25a081c4
- SHA1: 3aeee655ab024657da645f9a05b53d40c9456d76
- SHA256: a262b898726cdc4e487a7cbaa3d6440496897a2b406e0a049becb91d288eb0c2
- SHA512: 6f0fa435233a357e5c93f54b5d82a85ac9df1be8150a94ba47ac7920cdac50c7b630a89faa20509f369b9cb49314734e038c677f4c0ed7431847720825df489d
- SSDEEP: 49152:hX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qu:hlRsZ47/QXoHUOfAoj1x6u
Behavioral task: behavioral1
- Sample: QS1.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: QS1.exe
- Resource: win10-20240404-en
Behavioral task: behavioral3
- Sample: QS1.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted
- meshagent
- 2
- QS1
- http://mc.kaminet.eu:443/agent.ashx
- mesh_id: 0xEE89D60F5CD6BC8AD4C27EB31F4E89CB92C52B0E217F715BD63BD9491D17D4F7427AB13D0C72EA406672528F6DC79861
- server_id: A417F6622B66C84C5A6A0F6363F7C42AB877B26FD42E54C556B38C8026CBA894EE3DA91B087D9EC0AB62208B541506F6
- wss: wss://mc.kaminet.eu:443/agent.ashx
Targets
- Target: QS1.exe
- Detects MeshAgent payload
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory