General
-
Target
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156.exe
-
Size
3.1MB
-
Sample
241218-dvn6qa1jez
-
MD5
a813f565b05ee9df7e5db8dbbcc0fa43
-
SHA1
f508e738705163233b29ba54f4cb5ec4583d8df1
-
SHA256
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156
-
SHA512
adb431c372c2e1d0f6019bedefe16a2253fcf76929ba7e2b9f9cc7a253137920615121a1a64f7003a43f39e8b17ace233daca32b2933b6953aa6cf558b834e2e
-
SSDEEP
98304:aydj2yMy5en93hlLLzJjVrv3zs9Yv+Wcvy:pLYvzs9Yv+Wcv
Behavioral task
behavioral1
Sample
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156.exe
Resource
win7-20240729-en
Malware Config
Extracted
quasar
1.4.0
Office04
microsoftsys.ddns.net:4782
67e0653d-eedf-4888-88ab-78e97eb2df27
-
encryption_key
23E5F6D22FEE1750D36544A759A48349B064BC34
-
install_name
PerfWatson1.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
svhost
-
subdirectory
KDOT
Targets
-
-
Target
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156.exe
-
Size
3.1MB
-
MD5
a813f565b05ee9df7e5db8dbbcc0fa43
-
SHA1
f508e738705163233b29ba54f4cb5ec4583d8df1
-
SHA256
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156
-
SHA512
adb431c372c2e1d0f6019bedefe16a2253fcf76929ba7e2b9f9cc7a253137920615121a1a64f7003a43f39e8b17ace233daca32b2933b6953aa6cf558b834e2e
-
SSDEEP
98304:aydj2yMy5en93hlLLzJjVrv3zs9Yv+Wcvy:pLYvzs9Yv+Wcv
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-