General
Target: Crunchyroll GEN_.exe
Size: 3.1MB
Sample: 241222-3fdh4s1qex
MD5: 697aba2b3c2bc4028ad287b364101483
SHA1: 4024c8f79c0e99f520ee4bbba87fef93e688ab97
SHA256: f65322422149c55e52509d96d6050a36618fd48379b65e340882c5b770370412
SHA512: b231d37d4df57cfe36275f8f1ed2e106dbf6619b295eabcc73518cf016c50860142c28697ac6a4d61973685fd28e37460493da27f153c130df440d1c2a28b5f0
SSDEEP: 49152:65tesQb25VTAQ3wv9qspqyyDuVQFKCAdkuwiIak0LfNshLq:6PesQbUVcQAv9IzGKAdkoIhL
Static task: static1
Behavioral task: behavioral1
Sample: Crunchyroll GEN_.exe
Resource: win7-20240903-en
Malware Config
Extracted
quasar
1.4.1
testTSR
testTSR-35311.portmap.host:35311
b1c1e27b-0ae6-47f6-b162-8a3ca61fd7d0
encryption_key: 3E520C89AF59AB576F107D67332A341C23090C0B
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: Crunchyroll GEN_.exe
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-