General
-
Target
frehtgjtyujtyhtyj.exe
-
Size
3.1MB
-
Sample
240613-d88saawgqr
-
MD5
c4bcdf41ff03011cc03d14b924447225
-
SHA1
e0f8951c64c77531b383bcdf3b84e2d6b41b70a2
-
SHA256
e387a6be7c1369e5f61c5594955ece0eaf5e2a3ab8c55eb0943524de23ea5b13
-
SHA512
49bfd746a0db00bb404f252bc80ee1fcbe535a9c9e8138c9f05d4177f3a1cae126a1f0e7272a5e4b234000014fb820f5da946a05d60e53c4722a8dce307e3c1c
-
SSDEEP
49152:Nv/t62XlaSFNWPjljiFa2RoUYIMtmWmKoGdITHHB72eh2NT:NvV62XlaSFNWPjljiFXRoUYIMtmWF
Behavioral task
behavioral1
Sample
frehtgjtyujtyhtyj.exe
Resource
win7-20240508-en
Malware Config
Extracted
quasar
1.4.1
Office04
money-yields.gl.at.ply.gg:7415
f357cd9d-0193-4baa-a4ab-a8ecc081cc4a
-
encryption_key
E1BD3EC68D46CE94607738B70CCE811ABD63A3D7
-
install_name
YAYAY.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Update
-
subdirectory
SubDir
Targets
-
-
Target
frehtgjtyujtyhtyj.exe
-
Quasar payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-