General
Target: 36c5e613a6f16466cfbea6b74f926cb9d357bf78e1e229d9f47f38e7b78a7291.exe
Size: 3.3MB
Sample: 241103-c11ahavphn
MD5: b658c5d7ed9cd9d40992885120e78450
SHA1: a96eede3e39827b1f975c1dfdec8917b981f1330
SHA256: 36c5e613a6f16466cfbea6b74f926cb9d357bf78e1e229d9f47f38e7b78a7291
SHA512: 62e9bfc7fac1e3a26ba3578f49d800793c5ffa02bb61786c600c69808424047285a297438075c40539fb96cbea4652a1bfdcf36e5b86b9a0687c6f67502855be
SSDEEP: 98304:smDurDWcs5SUUhjH5iv1B/fGJD21MV4tJ+r3dXmJ:smOW5Chj5iv1B/fED21mrgJ
Static task: static1
Behavioral task: behavioral1
Sample: 36c5e613a6f16466cfbea6b74f926cb9d357bf78e1e229d9f47f38e7b78a7291.exe
Resource: win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Office04
83.168.110.87:4782
e7550a93-a385-490f-a2f8-5d9e1b5fd98b
encryption_key: 19FB99CC4D38C38330C88E623B7FD5B15277B769
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: puttystart
subdirectory: SubDir
Targets
Target: 36c5e613a6f16466cfbea6b74f926cb9d357bf78e1e229d9f47f38e7b78a7291.exe
Size: 3.3MB
MD5: b658c5d7ed9cd9d40992885120e78450
SHA1: a96eede3e39827b1f975c1dfdec8917b981f1330
SHA256: 36c5e613a6f16466cfbea6b74f926cb9d357bf78e1e229d9f47f38e7b78a7291
SHA512: 62e9bfc7fac1e3a26ba3578f49d800793c5ffa02bb61786c600c69808424047285a297438075c40539fb96cbea4652a1bfdcf36e5b86b9a0687c6f67502855be
SSDEEP: 98304:smDurDWcs5SUUhjH5iv1B/fGJD21MV4tJ+r3dXmJ:smOW5Chj5iv1B/fED21mrgJ
- Quasar family
- Quasar payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL