General
Target: b8fc2efcc33d3160f38fcb6b39319e6a.exe
Size: 774KB
Sample: 241102-hj21nazfmh
MD5: b8fc2efcc33d3160f38fcb6b39319e6a
SHA1: a61413a5b6c19b4a388e6c89aaa9304c657b3e08
SHA256: 3df20b1c9806c327d72824f1b9a4ffcbe702d152fbf11fca42a36c862cbafd0a
SHA512: ba4ef7ec5dd7b9ad8ec49ef73315bded8ecc72212b11e3a1384b6d4f3f264867312cda41268a8d1df6fc8c3caa63813c15aa4ff29f0324360a95d59de3456d3b
SSDEEP: 24576:XBx+Lv/QRiHCywDv2JIh7tJIYZFk+XJJ:xeXBm2JIDJNDXJ
Static task: static1
Behavioral task: behavioral1
Sample: b8fc2efcc33d3160f38fcb6b39319e6a.exe
Resource: win7-20240903-en
Malware Config
Extracted: quasar
Version: 1.3.0.0
VTROY
C2: 31.13.224.12:61512
C2: 31.13.224.13:61513
Mutex: QSR_MUTEX_4Q2rJqiVyC7hohzbjx
encryption_key: 7Vp2dMCHrMjJthQ2Elyy
install_name: downloads.exe
log_directory: Logs
reconnect_delay: 5000
startup_key: cssrse.exe
subdirectory: downloadupdates
Targets
Target: b8fc2efcc33d3160f38fcb6b39319e6a.exe
- Quasar family
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext