General
-
Target
XBinderOutput.exe
-
Size
10.6MB
-
Sample
240615-x6vx7awfjl
-
MD5
d877c0cbea92f5f2ed48793db8b30597
-
SHA1
3e971944a5d7bedfabffab03df9148e96c6a7ee8
-
SHA256
ed3a9a451a197ca4c22b82baade0def699b2204550ec6d06abac441cb4c42e9d
-
SHA512
6f1dfc1168be706307289a656909cc14f7d6c90636bdc52ade21962581182c8e7925bd1bf8af531c7ae6cec736af2970efa3fd699d31bc0216bd1b77af7f1e34
-
SSDEEP
196608:yIMn+apPA83Qk3S0zbYqKUNjL5YHj9jMsqpjP5OVn6Ms9KQ1iTVrgte8kzVY9FSP:fMn+aNGsp/5YHjasYQVn6JMQE5IkzVao
Static task
static1
Behavioral task
behavioral1
Sample
XBinderOutput.exe
Resource
win7-20240508-en
Malware Config
Extracted
quasar
1.4.1
Office04
team-circles.gl.at.ply.gg:25349
afe43634-c51c-4666-976a-2703024afea6
-
encryption_key
78AF43F549EE55D0FC30D38EC96EAA6F3A3F5CDF
-
install_name
Runtime Broker.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Runtime Broker
-
subdirectory
WD Defender
Targets
-
-
Target
XBinderOutput.exe
-
Quasar payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-