General

Target: d467f2d14bc21c2b361a485fa45998ce431e1b1a57ab2de2da583eda108baba9.zip
Size: 32.7MB
Sample: 241224-gh7n3sskew
MD5: a4727e2be65d5329cc7ec679a6c693ae
SHA1: 0994665381dced61dd6054aa83dd86125efc8a94
SHA256: d467f2d14bc21c2b361a485fa45998ce431e1b1a57ab2de2da583eda108baba9
SHA512: c6de3735dc20deca3bd959a0a2fbc8c3948f6dc8a6cc3be49133d6b92edf9b048504e4a82fbcc4173e709a9e9eac964dbf9c37888dace3758b04146282d3f1a0
SSDEEP: 786432:Pgi48KFglmpGp2Ey3CuYTRb4lFBXDorLwDUzZsParVbRE/4g:Pg/gyGp2E5ukb2dorUU2PeP0
Static task: static1

Behavioral task: behavioral1
Sample: dogger-qt-windows/dogger-cli.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: dogger-qt-windows/dogger-cli.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: dogger-qt-windows/dogger-qt.exe
Resource: win7-20240903-en

Behavioral task: behavioral4
Sample: dogger-qt-windows/dogger-qt.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral5
Sample: dogger-qt-windows/dogger-tx.exe
Resource: win7-20240903-en

Behavioral task: behavioral6
Sample: dogger-qt-windows/dogger-tx.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: quasar
Version: 1.4.1
SenshiDoger
51.15.17.193:4782
88fce838-f835-4ecf-a564-130da9d982d9
encryption_key: 97599F6E5D14A784CC4DD36B18A277119042FDA8
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir

Extracted: quasar
Version: 1.4.0.0
SenshiDogger
51.15.17.193:222
QUCCAE2FMOnnAHmsrK
encryption_key: en6dkTFiSUkKpYIDgQtE
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: word
subdirectory: SubDir
Targets

Target: dogger-qt-windows/dogger-cli.exe
Size: 2.0MB
MD5: 8ec0cb1a3536a41842c6c848187f01ed
SHA1: 4f99125bd35519eb52c8b1737823dfe5b1850663
SHA256: b441b7395cc59ee0e692f9dca627853a4e09a32d59564be75d560620e36c9715
SHA512: b966542a124e3a797505acb6697322c62d79ea0c9f031a5de61ed622c6bac32abc603d3254b48303fe4efcb13a79b43de065beebddcc6b754dad1bedbfeca428
SSDEEP: 24576:xLhAoAIccJD6wHRWAJ00gyX2xylirEuq4WlFFlfr9NxPmKn6RUySZ:VhAdchv05yX2x+RuDWrFlJPYRUyS
Score: 1/10

Target: dogger-qt-windows/dogger-qt.exe
Size: 83.6MB
MD5: 3c607881c805adde0f4118f2fe5ea712
SHA1: 72182ea0e810c18edec5dcca85efc277a51b91e7
SHA256: 175a0366e2f3fa190b8f9a9a447f9b9efa679c36c394f3b8b0366e63c5df4cea
SHA512: 9ebd2294651cb792450b1005a8c77806234b0dba4cdd09a92e1e2460a7170f27c2139c36af3c36202530cf8a24ddbe26f3425e5849a8053881fa214359289bfd
SSDEEP: 393216:F4TPZVLWruiFVks+9j54GXvitZQLCO5SXDqQu58EISEhoIaE2FShABZDv25PPa2k:FKRVQxhu0P8Lq1LEvxOOx5Sq
- Quasar family
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- System Binary Proxy Execution: Regsvcs/Regasm
  Abuse Regasm to proxy execution of malicious code.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

Target: dogger-qt-windows/dogger-tx.exe
Size: 3.6MB
MD5: e26738feb17bc0eec9548a3fc831d89e
SHA1: 508d27b6d43d93b85a3088a954436efcfc95240a
SHA256: cbdc3b3b4f12046d82892d5896c2dfdfec74afdd31a8fcd88591bf4a994895ac
SHA512: c47e579be314bc54af0710f4c6e50155c6098bca5b63ee91ffa3ae0e34ddbcf1bc76f9e480bd7120d2eb11ea1b2ef832375afe9eb06356c1b744cef8f57d44c2
SSDEEP: 49152:zSgYFyeqz//DvplbcWPhAZ3n1kdXsHi1POi50f5ienWs0YGANMoywHhSC7LPz:zl1/DBaJumi5W2ANMoHHhrL
Score: 1/10