General
-
Target
7081010e6695eb675cb7a4fe3c27eeeb82cd9f550d1f016eb0e130f0725cb053N.exe
-
Size
2.8MB
-
Sample
241216-wmm8kaxnfp
-
MD5
4a1c798e636efe865b30ec8576fd6200
-
SHA1
ee37036fd610ebc79cb119b0094143fbb521989b
-
SHA256
7081010e6695eb675cb7a4fe3c27eeeb82cd9f550d1f016eb0e130f0725cb053
-
SHA512
60da6dfcfc431855d3316f263c7d0fec8ff363fe55f1847c7ab4ec5095a7f793653849cb2253b1dbb6de8d7d9bb7829a040ebe2e77fb72c2a102e677df63e4a3
-
SSDEEP
49152:B/mf57XLMVRp8NsPUtugv4p+hfXq9C4RJjMuRGYd34rgReGKw7CKQ3:CMVoscup+hSfRJwtWmPnw7CF
Behavioral task
behavioral1
Sample
7081010e6695eb675cb7a4fe3c27eeeb82cd9f550d1f016eb0e130f0725cb053N.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Plmso
110.42.3.134:4782
41ace1c3-9f4e-4d35-93fb-096ede244c3e
-
encryption_key
980DB384AAAF5B8591D5B450BFA39547F61611DC
-
install_name
System.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
System
-
subdirectory
SubDir
Targets
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory