General
Target: 2024-06-28_95b71f1e434be97a39998f49d32da40b_icedid_poet-rat_quasar-rat_xrat
Size: 4.9MB
Sample: 240629-aeck7syfrp
MD5: 95b71f1e434be97a39998f49d32da40b
SHA1: ada21f3db506e3abb079b8cfb8c51a8924de2ed9
SHA256: 1ae218c37667a4a96d4ce7e19b19a5a56fa17b112f3bf6e94e78671ad6077168
SHA512: c22511b254d29d22ea444cdf56ab9bb32a0e4d00c81b2d5e63a9394009ea7d4b747bc28a96cb845b62d998e91c3bcdf4f7e2dbaabc3f7dcdc92947b98c7e2559
SSDEEP: 98304:2uhNyndYGvr22SsaNYfdPBldt6+dBcjHtKRJ6B6IbzZLRIbzZY:5cM7jGIRp+K

Behavioral task
behavioral1
Sample: 2024-06-28_95b71f1e434be97a39998f49d32da40b_icedid_poet-rat_quasar-rat_xrat.exe
Resource: win7-20240611-en

Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: Office04
C2: mx5.deitie.asia:4495
Mutex: ebbf737a-dddd-43dd-9b0a-74831302455d
encryption_key: F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 2024-06-28_95b71f1e434be97a39998f49d32da40b_icedid_poet-rat_quasar-rat_xrat
Size: 4.9MB
MD5: 95b71f1e434be97a39998f49d32da40b
SHA1: ada21f3db506e3abb079b8cfb8c51a8924de2ed9
SHA256: 1ae218c37667a4a96d4ce7e19b19a5a56fa17b112f3bf6e94e78671ad6077168
SHA512: c22511b254d29d22ea444cdf56ab9bb32a0e4d00c81b2d5e63a9394009ea7d4b747bc28a96cb845b62d998e91c3bcdf4f7e2dbaabc3f7dcdc92947b98c7e2559
SSDEEP: 98304:2uhNyndYGvr22SsaNYfdPBldt6+dBcjHtKRJ6B6IbzZLRIbzZY:5cM7jGIRp+K

Signatures
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- UPX dump on OEP (original entry point)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL