General
-
Target
f181b5a4e2f0dc0cdf70e16c18e3466e436aae0bb96ef9b7dc24c7f219167115.exe
-
Size
4.8MB
-
Sample
240629-ccvecaycka
-
MD5
1878733d5f2872169c33653a1ac9b623
-
SHA1
738a018c2c738e93ffa6dce3932ee994aa7b11e3
-
SHA256
f181b5a4e2f0dc0cdf70e16c18e3466e436aae0bb96ef9b7dc24c7f219167115
-
SHA512
bc0d3a8a84efcc80b7768efc0b4071722bdfdbb63c9ea9b5e45089257ee527772dfb9f2a259d10abf8ecc54c1816917d5a527bbd87adca333543cb0f1610a4b9
-
SSDEEP
98304:EQfNOLY2uXHEvr22SsaNYfdPBldt6+dBcjHtKRJ6BJIbzZ3IbzZY:eQHSM7jGImWK
Behavioral task
behavioral1
Sample
f181b5a4e2f0dc0cdf70e16c18e3466e436aae0bb96ef9b7dc24c7f219167115.exe
Resource
win7-20240611-en
Malware Config
Extracted
quasar
1.4.1
Office04
mx5.deitie.asia:4495
ebbf737a-dddd-43dd-9b0a-74831302455d
-
encryption_key
F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-