General
- Target: Cotizacin99026475526_pdf.com.exe
- Size: 3.5MB
- Sample: 241120-qzr5dsxcka
- MD5: 4a82d22fa6354daece680e49deb2ca2b
- SHA1: 370b26a5e33c3ae9fc567a22b57eedeb31b285c8
- SHA256: a83b6e776af937398296eb1b06b65e9ea8226693b5a8337f35c8b8e42bebb23b
- SHA512: 1e5870c81ff59dab2afb07ab29d6ac1a5effdc6a869f9e0b23afeee0418d690cf46c05edd8825ba8b4a7b6e9fef3cf002115f41ec6a727a1c866ba94d739ff78
- SSDEEP: 98304:AKUGRNTsLRvcuO0EcF40Qyiptb28Guy2NprIgq:AjAov9Ou6cipx072Nprb
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: Cotizacin99026475526_pdf.com.exe
  - Resource: win7-20241010-en
Malware Config
Extracted
- quasar
- 1.4.1
- JEKWU
- Zyg.ydns.eu:5829
- Opy.ydns.eu:5829
- 9c58b2ba-07eb-415a-b48b-21bbb68d32285e
- encryption_key: C5B555A83D127A9553D4FB1FCECB35CE8E91A447
- install_name: outlooks.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Outlooks
- subdirectory: WindowsUpdates
Targets
- Target: Cotizacin99026475526_pdf.com.exe (size and hashes as listed under General)
  Signatures:
  - Quasar family
  - Quasar payload
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext