General
-
Target
2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe
-
Size
341KB
-
Sample
241218-jq8x8a1pfn
-
MD5
b8507ead18b15a807cafd59c14315120
-
SHA1
0035b089f47d010865b1792e1e8b3774e292f710
-
SHA256
2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ec
-
SHA512
80257e8a53e173cd218bb48c9b7cfad6dddb99234c2babef4b0ae1e219b42e1ef47a4851210aa5ec3a52e82da4412b488142ec4d4345e65fa8e7385eb5b655ce
-
SSDEEP
6144:oLRmi19KZRIo4sY7d+nTzTzTFPsWo2bMmIo7+vfep0:m19KIonkditIoufI0
Behavioral task
behavioral1
Sample
2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe
Resource
win7-20240903-en
Malware Config
Extracted
quasar
1.3.0.0
CHAMUTLDA
xowite7203-56864.portmap.host:56864
QSR_MUTEX_b1MzVBeB2fgsMGAB8R
-
encryption_key
A4r7dFvwva7oUnxJWxHI
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
System
-
subdirectory
System32
Targets
-
-
Target
2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe
-
Size
341KB
-
MD5
b8507ead18b15a807cafd59c14315120
-
SHA1
0035b089f47d010865b1792e1e8b3774e292f710
-
SHA256
2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ec
-
SHA512
80257e8a53e173cd218bb48c9b7cfad6dddb99234c2babef4b0ae1e219b42e1ef47a4851210aa5ec3a52e82da4412b488142ec4d4345e65fa8e7385eb5b655ce
-
SSDEEP
6144:oLRmi19KZRIo4sY7d+nTzTzTFPsWo2bMmIo7+vfep0:m19KIonkditIoufI0
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-