General
-
Target
Client-built.exe
-
Size
3.1MB
-
Sample
240614-x33hvswhkk
-
MD5
9abdce6ec4f27873749cccb4dae52b53
-
SHA1
944c8b1ac044ebeed7bb6e48d298bd854a51aa90
-
SHA256
e0d396037b18c874e161306d18d44dccf9fcd7f3b0bb054e354478eb93767701
-
SHA512
ec5e6c6fdd94c4cba375fd33601809733dbd345644c8540eeb1de7385683833d77aef4bfb936d41cfa57508d362fcce7bfa520b4d2c405291dbafa3d36b14d98
-
SSDEEP
49152:zvZI22SsaNYfdPBldt698dBcjHNBR16ibR3eoGddTHHB72eh2NT:zva22SsaNYfdPBldt6+dBcjHNBR16l
Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240611-en
Malware Config
Extracted
quasar
1.4.1
Office04
147.185.221.18:1358
973de4bb-9630-4798-badb-35c53e068b10
-
encryption_key
1F7D88978B03E5C08F9DEDBD0A0F2EF673BE9527
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Client-built.exe
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-