General
Target: 2024-06-19_90fa7689ebdca38d85f25cc6b6f72c47_icedid_quasar-rat_xrat
Size: 4.7MB
Sample: 240619-ge5qbazbnq
MD5: 90fa7689ebdca38d85f25cc6b6f72c47
SHA1: 34d27a5d2ced8d8bca9aa270a7a4c88e0eb4b588
SHA256: 8429096a142bd8a48c53449b37a09754e1b005b4a5e6f431364eb6fb766c3455
SHA512: 8ae9c7d7fadc20bc268a32d285bfd3cca042fa4400f24830c273724ee570c5b16becc0697939eec1837f6970404102e85172f831bc56b8eaa8d2d5572d3037bb
SSDEEP: 98304:S0Cnq7jXvr22SsaNYfdPBldt6+dBcjHtKRJ6BUIbzZgIbzZY:6QM7jGIH9K
Behavioral task: behavioral1
Sample: 2024-06-19_90fa7689ebdca38d85f25cc6b6f72c47_icedid_quasar-rat_xrat.exe
Resource: win7-20240611-en
Malware Config
Extracted: quasar
1.4.1
Office04
mx5.deitie.asia:4495
ebbf737a-dddd-43dd-9b0a-74831302455d
encryption_key: F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 2024-06-19_90fa7689ebdca38d85f25cc6b6f72c47_icedid_quasar-rat_xrat (4.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Quasar payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Drops startup file
Executes dropped EXE
Loads dropped DLL