General
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1294340651575541884/1318993323024846943/picgnp.scr?ex=676457c1&is=67630641&hm=9b669ca6030e1ce5b855d034bfd60486448feab2de1dee98bd5a91f14c6ca4d4&
Resource
win10v2004-20241007-en
20 signatures
150 seconds
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Image
C2
192.168.56.1:4782
Mutex
312bce56-67e9-4c48-a27a-de306b9dad89
Attributes
-
encryption_key
691E85B569FC3C88790A081979AAACDC8A8F7C98
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1294340651575541884/1318993323024846943/picgnp.scr?ex=676457c1&is=67630641&hm=9b669ca6030e1ce5b855d034bfd60486448feab2de1dee98bd5a91f14c6ca4d4&
-
Quasar family
-
Quasar payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-