Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
19-12-2024 11:30
Static task
static1
Behavioral task
behavioral1
Sample
0fa0a6df35785b0dd29b7191158f0730984ee72cde5562ee48cb8cc9d637a1dd.exe
Resource
win7-20240903-en
General
-
Target
0fa0a6df35785b0dd29b7191158f0730984ee72cde5562ee48cb8cc9d637a1dd.exe
-
Size
5.9MB
-
MD5
b76667c1f978c6c98bbba2dfd7e315d2
-
SHA1
570de2264b32de819e7f02d6d5c8d4ce15277107
-
SHA256
0fa0a6df35785b0dd29b7191158f0730984ee72cde5562ee48cb8cc9d637a1dd
-
SHA512
6748b3cbd7ba55896d9ca767e83503cbfabbcfa0e47f83a4034a2a7ef255ec9adcdca38f5d5a0ee86cfcfd2cebd75990d740ec87a1554f4d4c96995748b8a77e
-
SSDEEP
98304:6+MUi7WbyjWfmd5hjVAlVZCBLJ/KwiNElydmw+q2Sg4:TMVzjWyj51TiNEmmwOSg4
Malware Config
Extracted
quasar
1.4.1
Staking
51.15.17.193:4782
ff4f56ac-24e1-40ed-bb5c-e0b45b489ee4
-
encryption_key
97599F6E5D14A784CC4DD36B18A277119042FDA8
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule behavioral1/memory/2668-1-0x000000001C380000-0x000000001C6A4000-memory.dmp family_quasar -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2668 0fa0a6df35785b0dd29b7191158f0730984ee72cde5562ee48cb8cc9d637a1dd.exe