General
-
Target
8fb841a089ce2c1c760ef67e5bde9a08.exe
-
Size
773KB
-
Sample
241101-zfx1zatkdw
-
MD5
8fb841a089ce2c1c760ef67e5bde9a08
-
SHA1
9ba26c8f25a276a87175ae9eac909a8f4d97fd71
-
SHA256
a0fb85dec00548f95f3db18f567bcb75a9a083eebb637be6c88c2d2bf05e2a35
-
SHA512
a16739df2c02ea5e2116e1f2283a0f57d0a57e52431fa746c3334df20fbb4e96db6d1c4c5ed47cb92cb491afcd170794a0b31bde1180cff13caaaa9be59aa8e4
-
SSDEEP
24576:yoYAPo8TjClMteQB+JRVK7Ys4r7eTBp7cE7qzuS:yJFQjI9m+c7FpBZ7Iu
Static task
static1
Behavioral task
behavioral1
Sample
8fb841a089ce2c1c760ef67e5bde9a08.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.3.0.0
VTROY
31.13.224.12:61512
31.13.224.13:61513
QSR_MUTEX_4Q2rJqiVyC7hohzbjx
-
encryption_key
7Vp2dMCHrMjJthQ2Elyy
-
install_name
downloads.exe
-
log_directory
Logs
-
reconnect_delay
5000
-
startup_key
cssrse.exe
-
subdirectory
downloadupdates
Targets
-
-
Target
8fb841a089ce2c1c760ef67e5bde9a08.exe
-
Size
773KB
-
MD5
8fb841a089ce2c1c760ef67e5bde9a08
-
SHA1
9ba26c8f25a276a87175ae9eac909a8f4d97fd71
-
SHA256
a0fb85dec00548f95f3db18f567bcb75a9a083eebb637be6c88c2d2bf05e2a35
-
SHA512
a16739df2c02ea5e2116e1f2283a0f57d0a57e52431fa746c3334df20fbb4e96db6d1c4c5ed47cb92cb491afcd170794a0b31bde1180cff13caaaa9be59aa8e4
-
SSDEEP
24576:yoYAPo8TjClMteQB+JRVK7Ys4r7eTBp7cE7qzuS:yJFQjI9m+c7FpBZ7Iu
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-