General
-
Target
jerniuiopu.exe
-
Size
288KB
-
Sample
241216-hfrqhsznck
-
MD5
d0d7ce7681200387de77c7ab2e2841cd
-
SHA1
8b6c4315e260954b6c33f450ad3baa9f79fe72e2
-
SHA256
b64b141eb3b3fa67f6605eb99b0e6f78eb5df7d483a2a0889821ccfac71a7a96
-
SHA512
bc3cfac3450cbc17ce8c9758f10c7e4034764f40a6797edd4a8eb6e95d6db9c5f46a46487a6e483ef0eed23243e9f92c0ea391a0416ebbc6854e2b9914ad9788
-
SSDEEP
6144:w7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbk9n:OlJtTF9zVGkllbkh
Behavioral task
behavioral1
Sample
jerniuiopu.exe
Resource
win7-20240708-en
Malware Config
Extracted
quasar
1.4.0.0
Office
82.117.243.110:5173
yfsS9ida0wX8mgpdJC
-
encryption_key
KDNBgA8jiBeGX1rj1dDt
-
install_name
csrss.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
NET framework
-
subdirectory
SubDir
Targets
-
-
Target
jerniuiopu.exe
-
Size
288KB
-
MD5
d0d7ce7681200387de77c7ab2e2841cd
-
SHA1
8b6c4315e260954b6c33f450ad3baa9f79fe72e2
-
SHA256
b64b141eb3b3fa67f6605eb99b0e6f78eb5df7d483a2a0889821ccfac71a7a96
-
SHA512
bc3cfac3450cbc17ce8c9758f10c7e4034764f40a6797edd4a8eb6e95d6db9c5f46a46487a6e483ef0eed23243e9f92c0ea391a0416ebbc6854e2b9914ad9788
-
SSDEEP
6144:w7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbk9n:OlJtTF9zVGkllbkh
-
Quasar family
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-