General
Target: Ton618.exe
Size: 6.6MB
Sample: 241224-bqt53axnhs
MD5: fa55ec4c1f2bde276ead921187cf36c1
SHA1: ed2ba8a4c96f4f473e13baae9f6057bcdb043519
SHA256: b32538fc97c82d2e3623d1b3ea1b7daa8948399da29651a6350bb598d183027c
SHA512: 6941dc68fa19375f6882c3cd6cd34fa5db6de8a421194207ed076f8272e256269b923a52c8141001204d87df288179ab7d3e5fc459e031c0c64a1dbc06fe43b1
SSDEEP: 49152:YEBm0Yz3KSzjhnbv5+/GSJFDdykdb2FXu7J2xePZaTohmxksuO+zTzuISFYUaGxE:YEBm0YpbvaDJFDdtbF1Z08Uxvs641/
Malware Config
Extracted family: quasar
encryption_key: 6DC75341715F183F008C5D5A26E1967745A885D9
reconnect_delay: 3000 (milliseconds; the delay the client waits before retrying its C2 connection)
Targets
Target: Ton618.exe (the same file as in General; size 6.6MB and the MD5/SHA1/SHA256/SHA512/SSDEEP values are identical to those listed above)
Signatures:
- Quasar family
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, which is most likely a geofence check used to avoid running in certain regions.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
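The hashes above are only useful if they can be checked quickly against files found on a host. The following is an added example, not part of the sandbox report and not code from the Quasar project: it computes all four digests of a file in a single pass, reports which of the report's IOCs match, and parses the SSDEEP signature into its block size and chunk strings (the block size of an ssdeep signature is always 3 * 2^n, and two signatures are only directly comparable when their block sizes are equal or differ by a factor of two). The placeholder file it writes is constructed here and is not the malware sample; the function names and the `demo()` helper are this example's own.

```python
import hashlib
import os
import tempfile

# IOCs copied from the report above for sample 241224-bqt53axnhs (Ton618.exe).
REPORT_IOCS = {
    "md5": "fa55ec4c1f2bde276ead921187cf36c1",
    "sha1": "ed2ba8a4c96f4f473e13baae9f6057bcdb043519",
    "sha256": "b32538fc97c82d2e3623d1b3ea1b7daa8948399da29651a6350bb598d183027c",
    "sha512": "6941dc68fa19375f6882c3cd6cd34fa5db6de8a421194207ed076f8272e256269"
              "b923a52c8141001204d87df288179ab7d3e5fc459e031c0c64a1dbc06fe43b1",
}
REPORT_SSDEEP = ("49152:YEBm0Yz3KSzjhnbv5+/GSJFDdykdb2FXu7J2xePZaTohmxksuO+zTzuISFYUaGxE"
                 ":YEBm0YpbvaDJFDdtbF1Z08Uxvs641/")


def hash_file(path, chunk_size=1 << 20):
    """Return lowercase hex MD5/SHA1/SHA256/SHA512 of `path`, read once in chunks."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(path, iocs=REPORT_IOCS):
    """Return {algorithm: digest} for every IOC whose digest equals the file's (case-insensitive)."""
    digests = hash_file(path)
    return {algo: digests[algo] for algo, expected in iocs.items()
            if algo in digests and digests[algo] == expected.lower()}


def parse_ssdeep(signature):
    """Split 'blocksize:chunk:double_chunk' and validate the block size (must be 3 * 2**n)."""
    parts = signature.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have three colon-separated fields")
    block_size = int(parts[0])
    base = block_size // 3
    if block_size <= 0 or block_size % 3 != 0 or base & (base - 1):
        raise ValueError(f"invalid ssdeep block size {block_size}")
    return block_size, parts[1], parts[2]


def is_valid_ssdeep(signature):
    """True if `signature` parses as a structurally valid ssdeep hash."""
    try:
        parse_ssdeep(signature)
        return True
    except ValueError:
        return False


def ssdeep_comparable(sig_a, sig_b):
    """ssdeep only scores two signatures whose block sizes are equal or differ by a factor of two."""
    a = parse_ssdeep(sig_a)[0]
    b = parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


def demo():
    """Write a constructed placeholder file (NOT the sample), check it, clean up, return results."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed benign placeholder, not Ton618.exe\n" * 100)
        path = tmp.name
    try:
        return {
            "report_matches": match_iocs(path),                 # expected: no match
            "self_matches": match_iocs(path, hash_file(path)),  # expected: all four algorithms
            "block_size": parse_ssdeep(REPORT_SSDEEP)[0],
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    result = demo()
    print("matches against report IOCs:", result["report_matches"] or "none")
    print("ssdeep block size:", result["block_size"])
```

To check a real suspect file, call `match_iocs("/path/to/file")`; any non-empty result is an exact-hash hit on the sample above. A block-size mismatch from `ssdeep_comparable()` tells you up front that a fuzzy comparison with the report's SSDEEP value cannot produce a score, regardless of how similar the binaries are.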