General
-
Target
iis_Stupid_Menu.dll
-
Size
843KB
-
Sample
241204-ycbswstjfm
-
MD5
e36f1425887cc291fc976040ca4527c4
-
SHA1
123b9d1641539072c1ec3b71eb11aeee792447dc
-
SHA256
be197dd6a8bdd291378a2f60bd0ec33d4deda2899129310017c38b05f1070efb
-
SHA512
ebf9c6a182256ce4cdff1c6b1557c9747d2b7565962f88f021e839cc173fc8977fdedfef3189494faaf855f0cc8d1d4d7e8c89ad19af8b6f3d211d37c477b804
-
SSDEEP
12288:/1xj6/IBi+7tRmKnGj/olHFn4i4KF8EbV7Me:HjvUstRn2/olHFb7F8SV7Me
Static task
static1
Behavioral task
behavioral1
Sample
iis_Stupid_Menu.dll
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
iis_Stupid_Menu.dll
Resource
win11-20241007-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.48:4782
33376e96-8fb8-4154-bd0a-fd0f58f69afe
-
encryption_key
9DE7C466D5C89B4DCD53772026AFA9FDFA35108F
-
install_name
phantomX injector.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
Target
iis_Stupid_Menu.dll
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-