General
Target: 2024-06-26_1878733d5f2872169c33653a1ac9b623_icedid_poet-rat_quasar-rat_xrat
Size: 4.8MB
Sample: 240626-a46kkstfqg
MD5: 1878733d5f2872169c33653a1ac9b623
SHA1: 738a018c2c738e93ffa6dce3932ee994aa7b11e3
SHA256: f181b5a4e2f0dc0cdf70e16c18e3466e436aae0bb96ef9b7dc24c7f219167115
SHA512: bc0d3a8a84efcc80b7768efc0b4071722bdfdbb63c9ea9b5e45089257ee527772dfb9f2a259d10abf8ecc54c1816917d5a527bbd87adca333543cb0f1610a4b9
SSDEEP: 98304:EQfNOLY2uXHEvr22SsaNYfdPBldt6+dBcjHtKRJ6BJIbzZ3IbzZY:eQHSM7jGImWK
Behavioral task
behavioral1
Sample: 2024-06-26_1878733d5f2872169c33653a1ac9b623_icedid_poet-rat_quasar-rat_xrat.exe
Resource: win7-20240220-en
Malware Config
Extracted
quasar
1.4.1
Office04
mx5.deitie.asia:4495
ebbf737a-dddd-43dd-9b0a-74831302455d
encryption_key: F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 2024-06-26_1878733d5f2872169c33653a1ac9b623_icedid_poet-rat_quasar-rat_xrat
Quasar payload
Drops startup file
Executes dropped EXE
Loads dropped DLL