General
-
Target
Neo.exe
-
Size
348KB
-
Sample
240628-3za74awalg
-
MD5
1e7a43037ad795c85258f3543636cae6
-
SHA1
634d8def0e80e4791698d7e94b20dd8c5aba063c
-
SHA256
cdd44caceb600c73a01b95c572142a59a35a23b1fb8e8e70cf920140366d3d09
-
SHA512
443dc2ea997bc3dc51371313161ab9990ac3a1eed30cd2f414e08c9fdbc32c36a2b97813759b67394b3de8f19649256d8a1e1d87636efee065f8fc5487a71853
-
SSDEEP
6144:ILL3HRsM+OFZcAHCJbFnrMr1TuT8igmMu:OVP+Myry1TuT8igmMu
Behavioral task
behavioral1
Sample
Neo.exe
Resource
win10-20240611-en
Behavioral task
behavioral2
Sample
Neo.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
quasar
1.1.0
Slave
runderscore00-42512.portmap.io:42512
QSR_MUTEX_aYgVTolyJfnSo2kPQj
-
encryption_key
PK7SpR1WESSqHBwmTfVi
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Neo.exe
-
Size
348KB
-
MD5
1e7a43037ad795c85258f3543636cae6
-
SHA1
634d8def0e80e4791698d7e94b20dd8c5aba063c
-
SHA256
cdd44caceb600c73a01b95c572142a59a35a23b1fb8e8e70cf920140366d3d09
-
SHA512
443dc2ea997bc3dc51371313161ab9990ac3a1eed30cd2f414e08c9fdbc32c36a2b97813759b67394b3de8f19649256d8a1e1d87636efee065f8fc5487a71853
-
SSDEEP
6144:ILL3HRsM+OFZcAHCJbFnrMr1TuT8igmMu:OVP+Myry1TuT8igmMu
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-