General
-
Target
b908aa8080c5db3065ad271c7526ac50a873270825fc636246bc37ea01af8306.exe
-
Size
915KB
-
Sample
241107-rne65asrfs
-
MD5
79230f7919ceacf3691022cd98371ac9
-
SHA1
0744f3c5943c02459ec981a8c5aa8f70354e231d
-
SHA256
b908aa8080c5db3065ad271c7526ac50a873270825fc636246bc37ea01af8306
-
SHA512
5e58efbe54384fa149fd161e6c0a8a02222206aa49c76d3a82442a4988c057b60bdbd18f3c5a1a54df979583f7efd1e62a96516b7872ddf92ee1a1280fea21a5
-
SSDEEP
12288:QTm5HboTOZCdLPW4y/mA0vavdKicFJlvLhy+CYYOCXleLdJw7FFSXnKpSDCjap:QC/lwaUicFs+CYYOz2FFf4
Static task
static1
Behavioral task
behavioral1
Sample
b908aa8080c5db3065ad271c7526ac50a873270825fc636246bc37ea01af8306.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
b908aa8080c5db3065ad271c7526ac50a873270825fc636246bc37ea01af8306.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
quasar
1.3.0.0
Nero Burning
craftUP.giize.com:1981
BBzSa82IRLs6ETOrGg
-
encryption_key
3rtKM7Lqb1dyokF6xwWI
-
install_name
Client.exe
-
log_directory
VR
-
reconnect_delay
4000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
b908aa8080c5db3065ad271c7526ac50a873270825fc636246bc37ea01af8306.exe
-
Size
915KB
-
MD5
79230f7919ceacf3691022cd98371ac9
-
SHA1
0744f3c5943c02459ec981a8c5aa8f70354e231d
-
SHA256
b908aa8080c5db3065ad271c7526ac50a873270825fc636246bc37ea01af8306
-
SHA512
5e58efbe54384fa149fd161e6c0a8a02222206aa49c76d3a82442a4988c057b60bdbd18f3c5a1a54df979583f7efd1e62a96516b7872ddf92ee1a1280fea21a5
-
SSDEEP
12288:QTm5HboTOZCdLPW4y/mA0vavdKicFJlvLhy+CYYOCXleLdJw7FFSXnKpSDCjap:QC/lwaUicFs+CYYOz2FFf4
-
Quasar family
-
Quasar payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-