General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
241104-d6re8atarr
-
MD5
f5b93af3ee1b64dacd2bac9ba4af9b27
-
SHA1
1f2a038199a71a2b917dca4dff2f5fac5e840978
-
SHA256
48d4fde21b28f0614fdf124f83f5594bddc13292f21b775da58b017385a49b01
-
SHA512
83703b0f567723abe3d6b34bd419be5df3475e049ae8893993fec017da9a420cd875184c570bdffbfc0bccac662762991885dea8ebcc2af172b3aac2fb00a302
-
SSDEEP
49152:mv2I22SsaNYfdPBldt698dBcjHQzRJ6TbR3LoGd/oobTHHB72eh2NT:mvb22SsaNYfdPBldt6+dBcjHQzRJ6FA
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win10ltsc2021-20241023-en
Malware Config
Extracted
quasar
1.4.1
Office04
Inversin-43597.portmap.host:43597
80329fd2-f063-4b06-9c7e-8dbc6278c2a3
-
encryption_key
744EA1A385FEBC6DA96387411B7000D77E66B075
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
java updater
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
f5b93af3ee1b64dacd2bac9ba4af9b27
-
SHA1
1f2a038199a71a2b917dca4dff2f5fac5e840978
-
SHA256
48d4fde21b28f0614fdf124f83f5594bddc13292f21b775da58b017385a49b01
-
SHA512
83703b0f567723abe3d6b34bd419be5df3475e049ae8893993fec017da9a420cd875184c570bdffbfc0bccac662762991885dea8ebcc2af172b3aac2fb00a302
-
SSDEEP
49152:mv2I22SsaNYfdPBldt698dBcjHQzRJ6TbR3LoGd/oobTHHB72eh2NT:mvb22SsaNYfdPBldt6+dBcjHQzRJ6FA
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1