General
Target: x.ps1
Size: 2.0MB
Sample: 241218-lcxddatrgl
MD5: 97646b99bb7245a7be3bbe8a0ff06348
SHA1: 33edac8a75cac4a0a1d084174b3dc912b9744386
SHA256: 3496b253962f9fad33450751e615e676ad8f847d11c50df45a35647b2534755d
SHA512: 066b635e03bf515f75327388d7118560fbf84fe4d5b64740c3b5a101123650ccb9d9252597301b78bf3a4849a57d73bd3f12192531e856fc6fbbce4b66571b2b
SSDEEP: 24576:bSgmuyXfET5YN3b2LLG1z/7E4/KpdMJczdsrbI8:biMSNKLq1zjA2
Static task: static1
Behavioral task: behavioral1
Sample: x.ps1
Resource: win7-20240708-en
Malware Config
Extracted
Family: quasar
Version: 1.3.0.0
MuGz
C2: feature-ssa.mywire.org:1177
Mutex: QSR_MUTEX_nCFXZUEaa8h2uJHNCI
encryption_key: 1aBF7porNDMtf63sHjM2
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: x.ps1
Size: 2.0MB
- Quasar family
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext