General
-
Target
43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10.exe
-
Size
3.1MB
-
Sample
241217-c3m3ysyndr
-
MD5
f21aa436096afece0b8c39c36bf4a9ab
-
SHA1
976b74c6a4e59e59a812c06032aae71a0516236a
-
SHA256
43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10
-
SHA512
44500988e32db41452e83fcacfba7862fd1cc28ec1992b9040a408f155a5e6b416feb13dcf5afff690c615d51895476239575601cc255ecfb3973597ca13d15b
-
SSDEEP
49152:pvrI22SsaNYfdPBldt698dBcjHKO06CBxDPoGd9THHB72eh2NT:pvU22SsaNYfdPBldt6+dBcjH06O
Behavioral task
behavioral1
Sample
43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
quasar
1.4.1
WenzCordRat
nickhill112-22345.portmap.host:22345
7ee1db41-359a-46b2-bba3-791dc7cde5e1
-
encryption_key
985DB7D034DB1B5D52F524873569DDDE4080F31C
-
install_name
WenzCord.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Update.exe
-
subdirectory
SubDir
Targets
-
-
Target
43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10.exe
-
Size
3.1MB
-
MD5
f21aa436096afece0b8c39c36bf4a9ab
-
SHA1
976b74c6a4e59e59a812c06032aae71a0516236a
-
SHA256
43e79ab56cd512db7348129670a3d2bbb652cae64ab7baca0320ab31390a3e10
-
SHA512
44500988e32db41452e83fcacfba7862fd1cc28ec1992b9040a408f155a5e6b416feb13dcf5afff690c615d51895476239575601cc255ecfb3973597ca13d15b
-
SSDEEP
49152:pvrI22SsaNYfdPBldt698dBcjHKO06CBxDPoGd9THHB72eh2NT:pvU22SsaNYfdPBldt6+dBcjH06O
Score10/10-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-