General
-
Target
B.exe
-
Size
348KB
-
Sample
241212-vm58psspfr
-
MD5
a7062afc04eb9faba65626cc931c8a02
-
SHA1
6e9e65253cb693a786b43ae863c8294e09af189b
-
SHA256
04819d6129cf70696bb6c402127ea66208dbf2d6996ab9faca205b0ecfe33ca7
-
SHA512
17135b9f02f8cc5fe281c77ed618461cce97acf9aa6aa9741ed0e9bee61e01343830d86c498892855e7000c93d1997a8ebc3f62cbb655ba79e672344587b5b36
-
SSDEEP
6144:wmqQ4i1FFiEKkWAOrEdbJpjYYTLQn6LK2EM8O:Pplikm+UYPQn6LKnM8O
Behavioral task
behavioral1
Sample
B.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.3.0.0
Test
4.tcp.eu.ngrok.io:8080
4.tcp.eu.ngrok.io:16210
QSR_MUTEX_Nf297179RoX9PEGnGN
-
encryption_key
6GgXmwACZXvigXZxSjrr
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
B.exe
-
Size
348KB
-
MD5
a7062afc04eb9faba65626cc931c8a02
-
SHA1
6e9e65253cb693a786b43ae863c8294e09af189b
-
SHA256
04819d6129cf70696bb6c402127ea66208dbf2d6996ab9faca205b0ecfe33ca7
-
SHA512
17135b9f02f8cc5fe281c77ed618461cce97acf9aa6aa9741ed0e9bee61e01343830d86c498892855e7000c93d1997a8ebc3f62cbb655ba79e672344587b5b36
-
SSDEEP
6144:wmqQ4i1FFiEKkWAOrEdbJpjYYTLQn6LK2EM8O:Pplikm+UYPQn6LKnM8O
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-