General
-
Target
Neo.bat
-
Size
272KB
-
Sample
240628-3yyl1awakg
-
MD5
7e4958f049e5dac26748252f3447d3a3
-
SHA1
ee9dcf7b4eb963547edc6adb524e70a20a29aa03
-
SHA256
afd1e3df846e293a28e0cbf7c2d75d14b2741870f4f4d9821a52eb8444ccf182
-
SHA512
b0c40b52ae2543dad9db1b6dd1bd3b13407843715ad0f419d7520b90bb4aed6235187a9baf1bbe7b852c4e39911e65150ef28455a8e52225bc04ab4b8bc39160
-
SSDEEP
6144:l73aNpEWlF7vxuEGAM5sfaHX+Of9iGUfKNjkXtYEgXoTb2k:lLmEWJjMi0X3ViGUf8ctVaY
Static task
static1
Behavioral task
behavioral1
Sample
Neo.bat
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Neo.bat
Resource
win10v2004-20240508-en
Malware Config
Extracted
quasar
1.1.0
Slave
runderscore00-42512.portmap.io:42512
QSR_MUTEX_aYgVTolyJfnSo2kPQj
-
encryption_key
Yf65C7zFbniWDCy7fhUm
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Neo.bat
-
Size
272KB
-
Quasar payload
-
Blocklisted process makes network request
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-