General
Target: 6915bde6ef5408870b2ccb6d578a4a0d753a2f6df3e286a41dbd68aaee70ba82N.exe
Size: 480KB
Sample: 241126-vlvqkswqhl
MD5: 23f57c49b1d789e13d82223fbd441b30
SHA1: 2c3aab73b66b19bc34b82f6cfb9e61f789152be5
SHA256: 6915bde6ef5408870b2ccb6d578a4a0d753a2f6df3e286a41dbd68aaee70ba82
SHA512: 379566c8a8f9290996d3c4ca241923032eb040434e07970b477cc8e5be3365c63a827ea37d4c2fe8ad1c717ae3a4bb1bdb7c37d5e9fb16766202d86fb5231e89
SSDEEP: 12288:iww6xvH9M3Ir55+JpWQbe6Ef4D+2u+4gnflehWH:inKP9M4r55+JAQGf4D+2tleAH
Static task: static1
Behavioral task: behavioral1
  Sample: 6915bde6ef5408870b2ccb6d578a4a0d753a2f6df3e286a41dbd68aaee70ba82N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 6915bde6ef5408870b2ccb6d578a4a0d753a2f6df3e286a41dbd68aaee70ba82N.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
quasar
1.3.0.0
svchost.exe
23.227.174.82:4782
QSR_MUTEX_UtaUPinApnyZsQXsVE
encryption_key: hn8U0t79xWv7f03kzG79
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 6915bde6ef5408870b2ccb6d578a4a0d753a2f6df3e286a41dbd68aaee70ba82N.exe
Size: 480KB
MD5: 23f57c49b1d789e13d82223fbd441b30
SHA1: 2c3aab73b66b19bc34b82f6cfb9e61f789152be5
SHA256: 6915bde6ef5408870b2ccb6d578a4a0d753a2f6df3e286a41dbd68aaee70ba82
SHA512: 379566c8a8f9290996d3c4ca241923032eb040434e07970b477cc8e5be3365c63a827ea37d4c2fe8ad1c717ae3a4bb1bdb7c37d5e9fb16766202d86fb5231e89
SSDEEP: 12288:iww6xvH9M3Ir55+JpWQbe6Ef4D+2u+4gnflehWH:inKP9M4r55+JAQGf4D+2tleAH
Score: 10/10
Signatures:
  Quasar family
  Quasar payload
  Drops startup file
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  Suspicious use of SetThreadContext