General
-
Target
2024-11-02_ab3645924d8778ff67010227f5ca5e00_icedid_poet-rat_quasar-rat_xrat
-
Size
4.8MB
-
Sample
241102-jcfphs1cqj
-
MD5
ab3645924d8778ff67010227f5ca5e00
-
SHA1
1e51f15f3f0b6c44b12eb21e50cfb8886ffd7e8a
-
SHA256
96c634c1e1c36808ad958b40621d8c7a13c6547ab74a5c9ccb6244a116d78116
-
SHA512
a6df667e691213fae398a701f083c0011f2d98aff78795aa71ea4b3f94f0781c83d109c889f9ff14f8e729428cdfb07bb235c21d52b0a90cd51be763fea0192d
-
SSDEEP
98304:8vkNM5qKvr22SsaNYfdPBldt6+dBcjHtKRJ6BgIbzZ2IbzZY:lCM7jGIrXK
Behavioral task
behavioral1
Sample
2024-11-02_ab3645924d8778ff67010227f5ca5e00_icedid_poet-rat_quasar-rat_xrat.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Office04
mx5.deitie.asia:4495
ebbf737a-dddd-43dd-9b0a-74831302455d
-
encryption_key
F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
Quasar family
-
Quasar payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-