General

Target: Loader.exe
Size: 9.8MB
Sample: 240627-cp8shaxeke
MD5: dd7a3870e3db2dd4bd95fef1be8f8d57
SHA1: d256e208a055db0669a6198c46df9811d2f6c580
SHA256: 7bf0ba077316040ee76a180ab82b5ebeb7b3f50eb9be8d2e8d7a1b3da8974b15
SHA512: dfeb7c5fcb89823c2bd8478ba4f8d9b434481689348bd74d39fde5eead2f59f5920822dbe868ea813d877796b4cc2360b9eb65c1a896046c7f7cc1132b92d879
SSDEEP: 196608:VayukxarCvuYRMtUZmzV1vDnPdcva1TFxk802JWTQvSqDHwxN98B:Y8oC2YRMtlvDnPivaprk804B
Static task: static1
Malware Config

Extracted
Family: quasar
Version: 1.4.1
Botnet: Office04
C2: history-foo.gl.at.ply.gg:42349
Mutex: 2beddbf7-c691-4058-94c7-f54389b4a581
encryption_key: CBFC5D217E55BEBDCD3A6EFA924299F76BC328D9
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000 (milliseconds)
startup_key: Update
subdirectory: SubDir
Targets

Target: Loader.exe (9.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
Quasar payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
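As an added example (not part of the sandbox report and not Quasar's own code), the extracted configuration above turned into host and network indicators and run over a few constructed events, which also covers the "Executes dropped EXE" behaviour listed under the target. The install path (%APPDATA%\SubDir\Client.exe), the HKCU Run value named after startup_key, and the %APPDATA%\Logs keylog directory are assumptions about a default user-mode Quasar install, not facts taken from this report; the sample events are constructed, not captured from this run.

```python
"""Derive host and network indicators from the extracted Quasar config
and run them over constructed sample telemetry."""

# Config values copied from the report; labels follow Quasar's config layout.
CONFIG = {
    "family": "quasar",
    "version": "1.4.1",
    "botnet": "Office04",
    "c2": "history-foo.gl.at.ply.gg:42349",
    "mutex": "2beddbf7-c691-4058-94c7-f54389b4a581",
    "encryption_key": "CBFC5D217E55BEBDCD3A6EFA924299F76BC328D9",
    "install_name": "Client.exe",
    "log_directory": "Logs",
    "reconnect_delay": 3000,
    "startup_key": "Update",
    "subdirectory": "SubDir",
}

# Constructed sample events in a Sysmon-like shape; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "file_create",
     "path": r"C:\Users\bob\AppData\Roaming\SubDir\Client.exe"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "data": r"C:\Users\bob\AppData\Roaming\SubDir\Client.exe"},
    {"type": "network_connect",
     "dest_host": "history-foo.gl.at.ply.gg", "dest_port": 42349},
    {"type": "mutex_create",
     "name": r"\Sessions\1\BaseNamedObjects\2beddbf7-c691-4058-94c7-f54389b4a581"},
    {"type": "file_create",
     "path": r"C:\Users\bob\AppData\Roaming\Logs\2024-06-27"},
    # Benign noise that must not match.
    {"type": "network_connect",
     "dest_host": "update.microsoft.com", "dest_port": 443},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "data": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]


def derive_indicators(cfg):
    """Turn config fields into lower-cased suffix/equality indicators.

    ASSUMPTION: a user-mode Quasar install lands in %APPDATA%\\<subdirectory>\\
    <install_name>, persists via an HKCU Run value named <startup_key>, and
    writes keylogs under %APPDATA%\\<log_directory>. Builds that install to
    ProgramFiles/System or persist under HKLM would change these paths.
    """
    host, port = cfg["c2"].rsplit(":", 1)
    appdata = "\\appdata\\roaming\\"
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        "install_path": (appdata + cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        "run_value": ("\\software\\microsoft\\windows\\currentversion\\run\\" + cfg["startup_key"]).lower(),
        "log_dir": (appdata + cfg["log_directory"] + "\\").lower(),
    }


def match_events(ind, events):
    """Return (rule_name, event) pairs for events that match the indicators."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            path = ev["path"].lower()
            if path.endswith(ind["install_path"]):
                hits.append(("quasar_install_path", ev))
            elif ind["log_dir"] in path:
                hits.append(("quasar_log_dir", ev))
        elif kind == "registry_set":
            if ev["key"].lower().endswith(ind["run_value"]):
                hits.append(("quasar_run_key", ev))
        elif kind == "network_connect":
            if (ev["dest_host"].lower() == ind["c2_host"]
                    and ev["dest_port"] == ind["c2_port"]):
                hits.append(("quasar_c2", ev))
        elif kind == "mutex_create":
            if ev["name"].lower().endswith(ind["mutex"]):
                hits.append(("quasar_mutex", ev))
    return hits


if __name__ == "__main__":
    for rule, ev in match_events(derive_indicators(CONFIG), SAMPLE_EVENTS):
        print(rule, ev)
```

The matches are deliberately suffix-based so the rules survive a different user profile directory; the C2 check is an exact host and port match, and the benign Run value and outbound HTTPS event in the sample do not fire.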