General
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1235717850421788722/1235733432848617472/ArgonCracked.rar?ex=676c93f1&is=676b4271&hm=6203d75403f7faae67d6ed0ddefff01f7a2b92a1a6bbbdae121637e8094bb4c9&
Resource
win11-20241007-en
windows11-21h2-x64
21 signatures
150 seconds
Malware Config
Extracted
Family: quasar
Version: 3.1.5
Botnet: Slave
C2: even-lemon.gl.at.ply.gg:33587
Mutex: $Sxr-3vDee7FzoJnhqjuE3n
Attributes
- encryption_key: BfQu2aop09VkjugTkmuc
- install_name: $sxr-powershell.exe
- log_directory: Logs
- reconnect_delay: 1000
- startup_key: $sxr-powershell
- subdirectory: Windows
Targets
- Target: https://cdn.discordapp.com/attachments/1235717850421788722/1235733432848617472/ArgonCracked.rar?ex=676c93f1&is=676b4271&hm=6203d75403f7faae67d6ed0ddefff01f7a2b92a1a6bbbdae121637e8094bb4c9&
- Quasar family
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.