Analysis
max time kernel: 111s
max time network: 114s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-11-2024 18:16
Static task: static1
Behavioral task: behavioral1
Sample: c64b2003bf92e9f6fe2100877beb9cf30e1a5a3f1289e4f44a601e01e95afadcN.exe
Resource: win7-20241010-en
General
Target: c64b2003bf92e9f6fe2100877beb9cf30e1a5a3f1289e4f44a601e01e95afadcN.exe
Size: 1.0MB
MD5: 7ccf1fdf90d92e8a7ebca6f935207440
SHA1: 301ed5b0bd32f06a32855f659c9a44f0d1766d0a
SHA256: c64b2003bf92e9f6fe2100877beb9cf30e1a5a3f1289e4f44a601e01e95afadc
SHA512: a7957cb6fb3e418f0eda322433dcc8518fde5a66a4da2fe7cf53d96f710169bf1e55ad698f1ccf0124b39c4d3107d3e52672e6eeb279c03e4d613fe0557cb5a1
SSDEEP: 24576:7P3JAsyS48MGN075+RFfdX0SOvYZKjVNhFpV1SLzknZ7cPR:7P3CFS4w075+DdVezFpVcon1cP
Malware Config
Extracted
quasar
1.3.0.0
HTROY
87.120.116.115:61510
onadeatcamsides.sytes.net:61511
QSR_MUTEX_ZAU4jFZ758CCGtDmef
encryption_key: rK1SiSuzs11zCQEpJeMg
install_name: Updates.exe
log_directory: Logs
reconnect_delay: 30000
startup_key: NewUpdates
subdirectory: Mindow
Signatures
Processes:
c64b2003bf92e9f6fe2100877beb9cf30e1a5a3f1289e4f44a601e01e95afadcN.exe

description | flow | ioc | Process
Key opened | | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | c64b2003bf92e9f6fe2100877beb9cf30e1a5a3f1289e4f44a601e01e95afadcN.exe
| 15 | ip-api.com |