General
Target: b8494a5132217091e54397571abe6d1ee07b4e136105b834b9dbf3c4edc8ee99N.exe
Size: 5KB
Sample: 241216-axy7xsvlgv
MD5: dbfaaadeb507446fe65aa09ffc3570d0
SHA1: 84ee588f8db2217b56e3c20a13ecf161318c56ca
SHA256: b8494a5132217091e54397571abe6d1ee07b4e136105b834b9dbf3c4edc8ee99
SHA512: fd6d89450b312b26fda6070a5b14dedc801b7299c70f8a022a3fa17855650316e0ab0f9e6bb727ad058c8fd8a38e299926e78adadbda966e3312f818c2b1b1c8
SSDEEP: 96:AT6gFs60Dctksx+3NqjH+EsUbmPfAFzNt:4kz+ToN6eEsUyK
Static task: static1
Behavioral task: behavioral1
Sample: b8494a5132217091e54397571abe6d1ee07b4e136105b834b9dbf3c4edc8ee99N.exe
Resource: win7-20240903-en
Malware Config
Extracted
quasar
1.3.0.0
TEAM
win32updates.DUCKDNS.ORG:12
QSR_MUTEX_4XlJYd3sYkHLvFZyoo
encryption_key: i5XqKfOlwBlh9rS0kdDD
install_name: winrar.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: winrar
subdirectory: winrar
Targets
- Quasar family
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext