General
-
Target
cca1725d99ffece2b6c33414d35f12079a32f6c86feed3c25e73065844f00c9f
-
Size
3.1MB
-
Sample
241217-tbq4zasmhx
-
MD5
dd7a806c734df62ecf4802977fa0b3e9
-
SHA1
42eae42e0fcfe9d9a54e493a670adde5241377da
-
SHA256
cca1725d99ffece2b6c33414d35f12079a32f6c86feed3c25e73065844f00c9f
-
SHA512
0f8e2e565b40baabdde4018db57e06aee8e8dfeb4b1491e8e02e56a20e6b55bc1130ed74a702c35e043d4886af969af5d8ca26f5caeb0e96694982ecfbc80bbf
-
SSDEEP
49152:yvkt62XlaSFNWPjljiFa2RoUYIO8RJ6IbR3LoGdaTHHB72eh2NT:yv462XlaSFNWPjljiFXRoUYIO8RJ6i
Behavioral task
behavioral1
Sample
cca1725d99ffece2b6c33414d35f12079a32f6c86feed3c25e73065844f00c9f.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
Aryszx
Apichat:4782
181f4a12-4cad-46a9-9896-1001033c5b69
-
encryption_key
F4F359BEF442D9221F73F7D64267E0E300CC68CE
-
install_name
Runtime Broker.exe
-
log_directory
Logs
-
reconnect_delay
1
-
startup_key
Runtime Broker
Targets
-
-
Target
cca1725d99ffece2b6c33414d35f12079a32f6c86feed3c25e73065844f00c9f
-
Size
3.1MB
-
MD5
dd7a806c734df62ecf4802977fa0b3e9
-
SHA1
42eae42e0fcfe9d9a54e493a670adde5241377da
-
SHA256
cca1725d99ffece2b6c33414d35f12079a32f6c86feed3c25e73065844f00c9f
-
SHA512
0f8e2e565b40baabdde4018db57e06aee8e8dfeb4b1491e8e02e56a20e6b55bc1130ed74a702c35e043d4886af969af5d8ca26f5caeb0e96694982ecfbc80bbf
-
SSDEEP
49152:yvkt62XlaSFNWPjljiFa2RoUYIO8RJ6IbR3LoGdaTHHB72eh2NT:yv462XlaSFNWPjljiFXRoUYIO8RJ6i
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-