General
-
Target
file.exe
-
Size
2.8MB
-
Sample
241208-s7hxssxqes
-
MD5
a4de831aec191850ac5b336069ce3d40
-
SHA1
df6263aae32913b94a1d45e9ba7f9124bcd5fe33
-
SHA256
0217b5932fcaf4679b2d394d5dd2f10775774d9e7b2d0679d6aace357e085cf8
-
SHA512
64dd2342b6f177b73be0d1ff2df5b1ab1dd12bc511e944345c60cc233e7812a01958a867bc05f3158312e3d5e20a7ce9bb1e1d7b87b37bef2f915e6b1e87d552
-
SSDEEP
49152:AxNkorvlIxM2zCY45vnOvRN39ELjD7xY0hJQh4CQubvWhNcCv59fykXDBFOedq:srblIxMnY45vOpNNELjD7xFJQh/QWvWL
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240708-en
Malware Config
Extracted
quasar
1.4.1
vuictim
91.214.78.16:7000
42d886c4-74fa-480d-8b7e-5fe1ac03ba03
-
encryption_key
D72F5D077DE4AC156A670D7D920C697F5FB66FA8
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Microsoft edge
-
subdirectory
SubDir
Targets
-
-
Target
file.exe
-
Size
2.8MB
-
MD5
a4de831aec191850ac5b336069ce3d40
-
SHA1
df6263aae32913b94a1d45e9ba7f9124bcd5fe33
-
SHA256
0217b5932fcaf4679b2d394d5dd2f10775774d9e7b2d0679d6aace357e085cf8
-
SHA512
64dd2342b6f177b73be0d1ff2df5b1ab1dd12bc511e944345c60cc233e7812a01958a867bc05f3158312e3d5e20a7ce9bb1e1d7b87b37bef2f915e6b1e87d552
-
SSDEEP
49152:AxNkorvlIxM2zCY45vnOvRN39ELjD7xY0hJQh4CQubvWhNcCv59fykXDBFOedq:srblIxMnY45vOpNNELjD7xFJQh/QWvWL
-
Quasar family
-
Quasar payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-