General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
241218-g67c8aylbj
-
MD5
82222cff36f2c338159b23a7f18a4815
-
SHA1
8beccbb99e38248a080d5de1de8d87617ca428c2
-
SHA256
033d335780d49949daea53acdb1b3ef162efc4bf02233ca8cd9e8d0a6533c8ea
-
SHA512
ed1a66e9d925291b14131b129e28e02494d6a174b3abde8d724d35a502f805ef472e5a780d37ce0ed2548a5f7071afbccbbd769ff938e04458d7eb409371ef55
-
SSDEEP
49152:qUd1/DM2zv8aMlqCPwln5+Hjdh+EuvQ1VeiroGnGTHHB72eh2NTe:qUPrM2zEaMlqCPwln5+Ddh+Zvus
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
rat1
unitedrat.ddns.net:4782
5100ab61-a5a5-407f-af55-9e7766b9d637
-
encryption_key
AB7A97D9E0F9B0A44190A0D500EAB7AF37629802
-
install_name
System32.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
System32
-
subdirectory
System32
Targets
-
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
82222cff36f2c338159b23a7f18a4815
-
SHA1
8beccbb99e38248a080d5de1de8d87617ca428c2
-
SHA256
033d335780d49949daea53acdb1b3ef162efc4bf02233ca8cd9e8d0a6533c8ea
-
SHA512
ed1a66e9d925291b14131b129e28e02494d6a174b3abde8d724d35a502f805ef472e5a780d37ce0ed2548a5f7071afbccbbd769ff938e04458d7eb409371ef55
-
SSDEEP
49152:qUd1/DM2zv8aMlqCPwln5+Hjdh+EuvQ1VeiroGnGTHHB72eh2NTe:qUPrM2zEaMlqCPwln5+Ddh+Zvus
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-