General
Target: mielda loco 12.7z
Size: 922KB
Sample: 241107-v5cn4syqdq
MD5: 441486cf8038d2f86fe265e7375390fe
SHA1: a94f83e1bc67bae7ad4088f2e35c80d956715220
SHA256: 7939dbc108594835d67accfc36a503b7c1c60d8fd3b0726775d3889ba8cd733f
SHA512: 7265b4f98af0a105b4cb5dc1e39f45e6e568f799898f037763dfdb72ff6851a6f66a5fd2f44e19298d9a0bdbf1b7d0938a5b86f187be87cad3d3be2a4bc1d957
SSDEEP: 24576:6pdSFVQHYTE3oImE/b5Ug6Te7brnky1ffi:sGVQHYA3wgyg6o3kSfq
Static task: static1
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Office04
C2: Cristopher11sa-62565.portmap.host:62565
e51e2b65-e963-4051-9736-67d57ed46798
encryption_key: AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: mielda loco 12.7z
Quasar family
Quasar payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE