General
-
Target
ANYX-client-build.zip
-
Size
1.3MB
-
Sample
241221-ph16aszjbt
-
MD5
9c5fc6b5f2697761f24aa161566ea625
-
SHA1
1aa1f43f8ec33e7ebe58e2eae3620c127ede9118
-
SHA256
ecce2755fb5ea36f5c5c204d2f289a87909a1affcb3cebe7310d39617d860981
-
SHA512
355eafcf35c114a363ef4d5d1d2f64ac495f78ce60468fb5e6919fafe97dc3719d95a37553a4e092a224feba887f29f6c439195ac32652cc446c411cdb7e0c36
-
SSDEEP
24576:rj3xLbytPbe5ueSBfu5ehOm4XEtDtsXviD85XeTPUJIzLGzCZlfYMPMbh3bxubv:HB/ytPKpgYgkimeTPUKGYfXUbh3bxur
Malware Config
Extracted
quasar
1.4.1
Office04
rolok44419-55109.portmap.host:55109
0bcbf378-c5c6-4d35-b7db-11442a750cf2
-
encryption_key
A1C7F8E92E515420A946C210E4F8C886810ADBFD
-
install_name
AnyLoaderV4.9.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
svchost
-
subdirectory
SubDir
Targets
-
-
Target
ANYX-client-build/AnyLoaderV4.9.exe
-
Size
3.1MB
-
MD5
9a99be1ac8e21a3c4959702a02b25d6e
-
SHA1
55d6230481e90c8a2f9d09956c07e3db1d03a96d
-
SHA256
e26918aac1a313925a7aecdaeb1990788cd2e09e439cd3e5fe8d6babb89df0f1
-
SHA512
46ae9d4d95c89afb3ed987445dcf72c71e770e99c35759a724e963952784d518530b2829b856b7818a8bc226e35fa8f243e18e35da4d7169c44edc5303159ea4
-
SSDEEP
49152:rvelL26AaNeWgPhlmVqvMQ7XSKodL5mzSooGdw9THHB72eh2NT:rvOL26AaNeWgPhlmVqkQ7XSKodL0A
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-