General
Target: 4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c.exe
Size: 3.1MB
Sample: 240617-bg88maxbpa
MD5: 35dea5908c411c55232760a766992b4d
SHA1: 803e87e294445707b2480e0f6eeb21990be7522e
SHA256: 4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c
SHA512: 37f37e706d7ba27a00d06f5d30ba881b3cf606a74b0472a404e76acad17e446cf22bdcddbe5b79fa73f457302c028aca46e971a97543d3d1784c2393bff91631
SSDEEP: 49152:DvrI22SsaNYfdPBldt698dBcjHCdHLoGdgTHHB72eh2NT:DvU22SsaNYfdPBldt6+dBcjHCdr
Behavioral task
behavioral1
Sample: 4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c.exe
Resource: win7-20240508-en
Malware Config
Extracted
quasar
1.4.1
Office04
hvhkcutuoujbobu672-22209.portmap.host:22209
979a24d1-1ef3-4416-baf8-bf96d2280aed
encryption_key: E634ECEC5FEC379E441CB9B04C771BAC550131B0
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: service 32
subdirectory: SubDir
Targets
Target: 4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c.exe
Size: 3.1MB
MD5: 35dea5908c411c55232760a766992b4d
SHA1: 803e87e294445707b2480e0f6eeb21990be7522e
SHA256: 4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c
SHA512: 37f37e706d7ba27a00d06f5d30ba881b3cf606a74b0472a404e76acad17e446cf22bdcddbe5b79fa73f457302c028aca46e971a97543d3d1784c2393bff91631
SSDEEP: 49152:DvrI22SsaNYfdPBldt698dBcjHCdHLoGdgTHHB72eh2NT:DvU22SsaNYfdPBldt6+dBcjHCdr
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE