General
Target: Remove.bat
Size: 409KB
Sample: 240627-3v8b2asanm
MD5: feb685a6bc5600e4e3e5b291432e2071
SHA1: 2073252bc7b2ceb812d3fc0ecb0f6c7d32089523
SHA256: bcc8bd5e2381123b28409b8281612d2f3be649e4d4b8d998a9e397db109f631d
SHA512: d87e0e384e79943de4e581b5b505f05b2e0dc3463279f03ceb6cfc54699c5f9e79bab7a0e277176be4eab7b7eadc450bf230af4163f65714a0d456d9288fc4dc
SSDEEP: 6144:rMyPp5S6M1Xy0a+agLFaSoVWy/ItKlPb2LH0yDCG4vZ3UiOi9vXna56:Hpg6M1iuagLFB4WxAlKLGjhui9v3a56
Malware Config
Extracted: Quasar
Version: 3.1.5
Tag: SeroXen (also the name of the Quasar-based variant whose builds use the "$Sxr-" mutex prefix seen below)
C2: 147.185.221.20:47638
Mutex: $Sxr-5wL6M6vfG3ZS45okGB
encryption_key: Ss9r1xb2AT8fXYK3H0Z6
install_name: Client.exe (file name the RAT copies itself to inside the subdirectory below)
log_directory: Logs
reconnect_delay: 1
startup_key: Update32 (name of the autorun entry Quasar registers for persistence)
subdirectory: SubDir
Targets
Target: Remove.bat (same file and hashes as listed under General)
Signatures
Quasar payload
Looks up external IP address via web service: the sample queries a legitimate IP lookup service to learn the infected host's external IP. On its own this behaviour is common in benign software and is low-confidence; it carries weight only alongside the C2, mutex and persistence indicators extracted above.
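The following is an added example, not part of the sandbox report, showing how the extracted config and hashes above turn into host and network checks. It assumes (not stated on the page) that the RAT installs to %APPDATA%\SubDir\Client.exe and persists via a Run registry value named after startup_key, so it matches only on path suffix and value name; the Sysmon-style events it runs over are constructed sample data, not telemetry from this run.

```python
"""Triage Sysmon-style events against the Quasar/SeroXen indicators in the report.

Added example; the event records below are constructed, not real telemetry.
"""
from __future__ import annotations
import re

# Indicators taken directly from the report above.
C2_IP = "147.185.221.20"
C2_PORT = 47638
MUTEX = "$Sxr-5wL6M6vfG3ZS45okGB"
STARTUP_KEY = "Update32"
INSTALL_NAME = "Client.exe"
SUBDIRECTORY = "SubDir"
SHA256 = "bcc8bd5e2381123b28409b8281612d2f3be649e4d4b8d998a9e397db109f631d"

# Assumption (not on the page): install path is <dir>\<subdirectory>\<install_name>,
# so only the path suffix is matched, case-insensitively.
INSTALL_SUFFIX_RE = re.compile(
    r"\\" + re.escape(SUBDIRECTORY) + r"\\" + re.escape(INSTALL_NAME) + r"$", re.I)
# Assumption (not on the page): persistence is a value under a Run key.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.I)


def sha256_from_sysmon_hashes(hashes: str) -> str | None:
    """Extract the SHA256 from a Sysmon 'Hashes' field like 'SHA256=...,MD5=...'."""
    for part in hashes.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def check_event(ev: dict) -> list[str]:
    """Return the indicator names a single event matches (empty list if none)."""
    hits: list[str] = []
    kind = ev.get("EventType")

    if kind == "NetworkConnect":
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", -1)) == C2_PORT:
            hits.append("c2_connection")

    elif kind == "RegistrySetValue":
        m = RUN_KEY_RE.search(ev.get("TargetObject", ""))
        if m and m.group(1).lower() == STARTUP_KEY.lower():
            hits.append("run_key_startup_key")
        if INSTALL_SUFFIX_RE.search(ev.get("Details", "")):
            hits.append("run_key_value_is_install_path")

    elif kind in ("FileCreate", "ProcessCreate"):
        path = ev.get("TargetFilename") or ev.get("Image") or ""
        if INSTALL_SUFFIX_RE.search(path):
            hits.append("install_path")
        if sha256_from_sysmon_hashes(ev.get("Hashes", "")) == SHA256:
            hits.append("known_sample_hash")

    return hits


def triage(events: list[dict]) -> dict[str, list[int]]:
    """Map each indicator name to the indices of the events that tripped it."""
    findings: dict[str, list[int]] = {}
    for i, ev in enumerate(events):
        for name in check_event(ev):
            findings.setdefault(name, []).append(i)
    return findings


def mutex_hits(mutex_names: list[str]) -> list[str]:
    """Exact match of mutex/handle names (e.g. from a memory dump) against the config mutex."""
    return [m for m in mutex_names if m == MUTEX]


# Constructed sample telemetry (hypothetical user, SID and paths).
SAMPLE_EVENTS = [
    {"EventType": "FileCreate",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\SubDir\Client.exe"},
    {"EventType": "ProcessCreate",
     "Image": r"C:\Users\victim\AppData\Roaming\SubDir\Client.exe",
     "Hashes": "SHA256=" + SHA256.upper() + ",MD5=FEB685A6BC5600E4E3E5B291432E2071"},
    {"EventType": "RegistrySetValue",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Update32",
     "Details": r"C:\Users\victim\AppData\Roaming\SubDir\Client.exe"},
    {"EventType": "NetworkConnect", "DestinationIp": "147.185.221.20", "DestinationPort": "47638"},
    {"EventType": "NetworkConnect", "DestinationIp": "147.185.221.20", "DestinationPort": "443"},
    {"EventType": "RegistrySetValue",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for name, idxs in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{name}: events {idxs}")
```

The C2 check deliberately requires both IP and port, since the same address on another port (event 4) is not evidence of this sample; the Run-key check fires separately on the value name and on the value data so that a renamed startup_key or a relocated install directory still leaves one indicator standing.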