General
-
Target
Uni.bat
-
Size
253KB
-
Sample
240624-239z6azgjr
-
MD5
6116316574a1311a2e768ef21255430d
-
SHA1
684dec7251dbacf3e3b5a3cac0492df268f7f9a3
-
SHA256
f975a314f9f0ac6527acf5098bd0c9ce8800c05b83ce3c5af01c1cb8e3bbbd5b
-
SHA512
daf318e0dde57bf13b2b30bdff1556749caf3ebda2cffd5ead57c2c998aae763214226121f02996d48bcea54d53b9c2c352c21a8638b0d42f36c8f41896be2f2
-
SSDEEP
3072:PfaskbNKw91ey00VTUsMHdJmMQ5C6QCf8qb/qV3/PJHnigpqoineD/QrM47f9Jms:nef9NVbkd5UzZfYh6n7P7KK2X78EM
Static task
static1
Behavioral task
behavioral1
Sample
Uni.bat
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Uni.bat
Resource
win10v2004-20240611-en
Malware Config
Extracted
quasar
3.0.1
Office04
wireless-boston.gl.at.ply.gg:41366
QSR_MUTEX_W1ckGYHOGswdBegmKd
-
encryption_key
QbY1WN4Surh1trMXzt97
-
install_name
system.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
system
-
subdirectory
SubDir
Targets
Target
Uni.bat
-
Quasar payload
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-