Analysis
-
max time kernel
149s
-
max time network
153s
-
platform
windows10-2004_x64
-
resource
win10v2004-20241007-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
-
submitted
02-11-2024 11:37
Behavioral task
behavioral1
Sample
1f3469a8fd7caca66a4671b2c690c43444df472e07b7c50579f393caed22febbN.exe
Resource
win7-20240903-en
windows7-x64
4 signatures
150 seconds
General
-
Target
1f3469a8fd7caca66a4671b2c690c43444df472e07b7c50579f393caed22febbN.exe
-
Size
3.2MB
-
MD5
661d97bf8a860f4c1c09e0adac6df010
-
SHA1
2fcafe06a7c805c4a66414653daa7e8aaf44bca3
-
SHA256
1f3469a8fd7caca66a4671b2c690c43444df472e07b7c50579f393caed22febb
-
SHA512
7b78c0c659c4dc070846ca527318c548fa7f4ffc2cf2fbba6b0eb669dd518c7b0f975353abc65290634e090489510ac5a8fe9a359adfd2beb447bd159ed51203
-
SSDEEP
98304:0nBuA2BXSa+H5CPXlUtSne+kHavaJLWSXx:qAyH9JZx
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Client
C2
127.0.0.1:4782
Mutex
61532b95-7e68-4f90-b731-74b8f53e9b2c
Attributes
-
encryption_key
E3BF68159E0B10A9065F35FBF477BC257A6CA82E
-
install_name
malware.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
malware
-
subdirectory
SubDir
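The extracted config above is enough to build host-side triage checks, which matter here because the C2 is 127.0.0.1:4782: a loopback address on Quasar's default port, so this build cannot be tracked by network indicators at all, and the mutex, Run-key value and install path are what is left. The following is an added example, not code from the sandbox report or from Quasar itself. The report does not say which base folder the client installs under, so base_dir is a parameter and its default is an assumption; the SAMPLE_* host data is constructed.

```python
"""Turn the extracted Quasar 1.4.1 config into host-triage checks.

Added example; this is not code from the sandbox report or from Quasar.
The report gives the build's mutex, startup_key, subdirectory and
install_name but not the install base folder, so base_dir is a
parameter here (assumption). Everything under SAMPLE_* is constructed
host data, not data from the report.
"""
import ipaddress

# Copied from the report's "Malware Config" section.
CONFIG = {
    "family": "quasar",
    "version": "1.4.1",
    "c2": "127.0.0.1:4782",
    "mutex": "61532b95-7e68-4f90-b731-74b8f53e9b2c",
    "install_name": "malware.exe",
    "subdirectory": "SubDir",
    "startup_key": "malware",
    "reconnect_delay": 3000,
}


def classify_c2(c2: str) -> dict:
    """Split host:port and decide whether the address is worth a
    network indicator. Loopback or RFC 1918 space means this build
    cannot be tracked by its C2; only host artifacts remain useful."""
    host, _, port = c2.rpartition(":")
    info = {"host": host, "port": int(port), "actionable": True, "reason": ""}
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return info  # a hostname: keep it, resolve it elsewhere
    if addr.is_loopback:
        info.update(actionable=False, reason="loopback")
    elif addr.is_private:
        info.update(actionable=False, reason="private range")
    return info


def host_iocs(cfg: dict, base_dir: str = "%APPDATA%") -> dict:
    """Artifacts this build leaves on a host once installed. The Run-key
    value name is Quasar's startup_key; the base folder is an assumption."""
    return {
        "mutex": cfg["mutex"],
        "run_key_value": cfg["startup_key"],
        "install_path": "\\".join([base_dir, cfg["subdirectory"], cfg["install_name"]]),
        # Tail of the path, base-independent, for matching collected data.
        "install_suffix": "\\".join(["", cfg["subdirectory"], cfg["install_name"]]).lower(),
    }


def match_host(iocs: dict, mutexes: list, run_values: dict, files: list) -> list:
    """Compare collected host data against the expected artifacts and
    return the names of the artifacts that matched."""
    hits = []
    # Handle listings prefix the mutex with its object directory.
    if any(m.lower().endswith(iocs["mutex"].lower()) for m in mutexes):
        hits.append("mutex")
    # Run-key data usually quotes the full path; match on the tail only,
    # since the base folder is not known from the report.
    data = run_values.get(iocs["run_key_value"], "")
    if iocs["install_suffix"] in data.lower():
        hits.append("run_key")
    if any(f.lower().endswith(iocs["install_suffix"]) for f in files):
        hits.append("file")
    return hits


# Constructed sample host data (not from the report).
SAMPLE_MUTEXES = [
    "\\Sessions\\1\\BaseNamedObjects\\SM0:1234:304:WilStaging_02",
    "\\Sessions\\1\\BaseNamedObjects\\61532b95-7e68-4f90-b731-74b8f53e9b2c",
]
SAMPLE_RUN_VALUES = {
    "OneDrive": '"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe" /background',
    "malware": '"C:\\Users\\user\\AppData\\Roaming\\SubDir\\malware.exe"',
}
SAMPLE_FILES = [
    "C:\\Windows\\System32\\svchost.exe",
    "C:\\Users\\user\\AppData\\Roaming\\SubDir\\malware.exe",
]

if __name__ == "__main__":
    print(classify_c2(CONFIG["c2"]))
    print(match_host(host_iocs(CONFIG), SAMPLE_MUTEXES, SAMPLE_RUN_VALUES, SAMPLE_FILES))
```

Matching on the path tail rather than the full path is deliberate: Quasar builds can install under different base folders, and the report only fixes the subdirectory and file name.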
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource
behavioral2/memory/4356-1-0x0000000000220000-0x0000000000554000-memory.dmp
yara_rule
family_quasar
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
1f3469a8fd7caca66a4671b2c690c43444df472e07b7c50579f393caed22febbN.exe
description
Token: SeDebugPrivilege
pid
4356
Process
1f3469a8fd7caca66a4671b2c690c43444df472e07b7c50579f393caed22febbN.exe
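Both signatures fire on the same process, pid 4356, and the matched memory region 0x220000-0x554000 is 0x334000 bytes, about the 3.2 MB of the file, so the Quasar rule hit the executable's own loaded image rather than a small injected fragment. The block below, an added example that is not part of the report, makes that correlation explicit: it parses the memory-dump resource name, checks the region against the file size, and scans Windows Security EventID 4703 ("A token right was adjusted") records for SeDebugPrivilege being enabled, which is what a successful AdjustTokenPrivileges call for that right logs when "Audit Token Right Adjusted" is enabled. The EVENTS_4703 records are constructed and the process path in them is an assumption; the trusted-path allowlist is a crude assumption too.

```python
"""Correlate the report's two signature hits on one process.

Added example; not code from the sandbox report. YARA_HIT and the pid
are copied from the report. The EVENTS_4703 records are constructed to
look like Windows Security EventID 4703 ("A token right was adjusted")
records, with that event's field names; the process path in them is an
assumption. The trusted_prefix allowlist is a crude assumption.
"""
import re

YARA_HIT = "behavioral2/memory/4356-1-0x0000000000220000-0x0000000000554000-memory.dmp"
SAMPLE_SIZE_BYTES = int(3.2 * 1024 * 1024)  # "3.2MB" in the report, rounded

MEM_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$"
)


def parse_memory_hit(resource: str) -> dict:
    """Pull task, pid and region bounds out of a <pid>-<n>-<start>-<end>
    memory dump name."""
    m = MEM_RE.match(resource)
    if not m:
        raise ValueError(f"unrecognised memory resource name: {resource}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"task": m["task"], "pid": int(m["pid"]), "start": start, "end": end, "size": end - start}


def covers_whole_image(region_size: int, file_size: int) -> bool:
    """True when the matched region is roughly one loaded copy of the
    file: near the file size (sections are page-aligned in memory, so a
    little larger is normal) and not more than half again. A much
    smaller region would point at an injected fragment instead."""
    return 0.9 * file_size <= region_size <= 1.5 * file_size


def sedebug_enablers(events: list, trusted_prefix: str = "c:\\windows\\") -> list:
    """Return 4703 events where SeDebugPrivilege was enabled by a process
    outside trusted_prefix. The privilege list in 4703 is whitespace-
    separated; the prefix filter stands in for an allowlist of the many
    Windows binaries that legitimately take this right (assumption)."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4703:
            continue
        enabled = set(re.split(r"[\s,]+", ev.get("EnabledPrivilegeList", "").strip()))
        if "SeDebugPrivilege" not in enabled:
            continue
        if ev.get("ProcessName", "").lower().startswith(trusted_prefix):
            continue
        hits.append(ev)
    return hits


def correlate(memory_hit: dict, events: list) -> list:
    """Events from sedebug_enablers whose pid is the pid whose memory
    matched the Quasar rule. 4703 records the pid as a hex string
    (0x1104 == 4356)."""
    return [ev for ev in sedebug_enablers(events)
            if int(ev["ProcessId"], 16) == memory_hit["pid"]]


# Constructed sample events (not from the report); 0x1104 is pid 4356.
SAMPLE_EXE = "1f3469a8fd7caca66a4671b2c690c43444df472e07b7c50579f393caed22febbN.exe"
SAMPLE_PATH = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" + SAMPLE_EXE  # assumed path
EVENTS_4703 = [
    {"EventID": 4703, "ProcessId": "0x1104", "ProcessName": SAMPLE_PATH,
     "EnabledPrivilegeList": "SeDebugPrivilege", "DisabledPrivilegeList": "-"},
    {"EventID": 4703, "ProcessId": "0x9f8",
     "ProcessName": "C:\\Windows\\System32\\Taskmgr.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege", "DisabledPrivilegeList": "-"},
    {"EventID": 4703, "ProcessId": "0x1104", "ProcessName": SAMPLE_PATH,
     "EnabledPrivilegeList": "-", "DisabledPrivilegeList": "SeDebugPrivilege"},
    {"EventID": 4688, "ProcessId": "0x1104", "NewProcessName": SAMPLE_PATH},
]

if __name__ == "__main__":
    hit = parse_memory_hit(YARA_HIT)
    print(hit, covers_whole_image(hit["size"], SAMPLE_SIZE_BYTES))
    for ev in correlate(hit, EVENTS_4703):
        print(ev["ProcessId"], ev["ProcessName"])
```

The third sample event shows why the check looks at EnabledPrivilegeList specifically: a process dropping SeDebugPrivilege also produces a 4703, and that is not the behaviour the report's signature describes.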