General

Target: burpsuite2.2.3.EXE
Size: 208.5MB
Sample: 241217-1svbaazrcj
MD5: 460086865d75f8d8f8d54e742d0656b0
SHA1: cd71c90b408830ae89b48a3461024dc95a940f3b
SHA256: b488a4eb81c8327a60690f68d767016b3197341917faacc0b398fce5d0dac4ac
SHA512: c961d1f9733925823b5308aff2e53f5446f9c43689f861c1c88f0e13726b6be8f053d59b35ae6a55fe3d1ff02336a942a432dc2bc9b8b55aa5fda421aa88fded
SSDEEP: 3145728:71osewEwZ01WNfNh32OWCkJoCGGz3xdjEFlv6xIirbJuecrstRyRBRfSqa2tErKl:+3YtmOWCkh3PjGl8bJcA8HKWEuxp5HT
Static task: static1
Malware Config

Extracted
Family: quasar
Version: 1.3.0.0
data
C2: datalett.ddns.net:4444
Mutex: QSR_MUTEX_hzYSE6QTCu4NH4iCzb
encryption_key: CQFMtoja6aYivVz7BMEo
install_name: svhostt.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: svhostt
subdirectory: SubDir
Targets

Target: burpsuite2.2.3.EXE
Quasar family
Quasar payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Discovery
  Browser Information Discovery (1)
  Peripheral Device Discovery (1)
  Query Registry (5)
  Remote System Discovery (1)
  System Information Discovery (5)
  System Location Discovery (1)
    System Language Discovery (1)
  System Network Configuration Discovery (1)
    Internet Connection Discovery (1)