General
-
Target
Долговая нагрузка.exe
-
Size
3.7MB
-
Sample
241216-qegsxsskam
-
MD5
a6be8a62c7f7d595db6ac9dc6e93da02
-
SHA1
5f2e5d543b91a01055ab1263611c9df49e2a5e45
-
SHA256
4fa2387a8a7d3c19888b5a07b5897f344be8e4364d5f5130f257715ad2a97fca
-
SHA512
e6abac83f4e29cd344d22bde4a0835917c0e6636888f17394dca4ac7632f79cbc66ed25d800cb58aea46009a5d26cab847efd864a87972cb42512f1cc43cb7dc
-
SSDEEP
98304:fcEeb0vNmYtGKMlmlywp5zE4LMXNoyhEqf+swZc8XRn:EEeb0vvAKMlmgwp244dphW9ZxRn
Static task
static1
Malware Config
Extracted
quasar
1.4.1
9-12
crostech.ru:4782
0676955f-264f-4ab3-b171-6c6abc3ad662
-
encryption_key
DD459BB92A43EF8EEB2FE401C8453F685AECE590
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Долговая нагрузка.exe
-
Size
3.7MB
-
MD5
a6be8a62c7f7d595db6ac9dc6e93da02
-
SHA1
5f2e5d543b91a01055ab1263611c9df49e2a5e45
-
SHA256
4fa2387a8a7d3c19888b5a07b5897f344be8e4364d5f5130f257715ad2a97fca
-
SHA512
e6abac83f4e29cd344d22bde4a0835917c0e6636888f17394dca4ac7632f79cbc66ed25d800cb58aea46009a5d26cab847efd864a87972cb42512f1cc43cb7dc
-
SSDEEP
98304:fcEeb0vNmYtGKMlmlywp5zE4LMXNoyhEqf+swZc8XRn:EEeb0vvAKMlmgwp244dphW9ZxRn
-
Quasar family
-
Quasar payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1