General
-
Target
Server.exe
-
Size
3.1MB
-
Sample
240630-f2b6vatgmh
-
MD5
89e0f8d71958e344d1071cab560dd305
-
SHA1
f106a720d7b80d373bbe84792c53aab491a30924
-
SHA256
136d4f11ca284be9615ee652f493d2e357d164091029286eee7b3350c2e7d4c3
-
SHA512
4ae82e52ccb2a20b4781ef906edbfabf030c178b45eafe672f163ae668ce02cd20911f898ab5280bf75b66c241478715236da2edc5864b275504d14e35ec42ad
-
SSDEEP
49152:SvyI22SsaNYfdPBldt698dBcjHQnhabRjPLoGdtaTHHB72eh2NT:Svf22SsaNYfdPBldt6+dBcjHQnhOT
Malware Config
Extracted
quasar
1.4.1
Hacked
them-recommended.gl.at.ply.gg:37993
145f9813-188a-4b62-ba7f-be07578e5a8f
-
encryption_key
9B76C981C0602003513D6F00F317713EF0E2A660
-
install_name
Updater.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Updater
-
subdirectory
Update
Targets
-
-
Target
Server.exe
-
Size
3.1MB
-
MD5
89e0f8d71958e344d1071cab560dd305
-
SHA1
f106a720d7b80d373bbe84792c53aab491a30924
-
SHA256
136d4f11ca284be9615ee652f493d2e357d164091029286eee7b3350c2e7d4c3
-
SHA512
4ae82e52ccb2a20b4781ef906edbfabf030c178b45eafe672f163ae668ce02cd20911f898ab5280bf75b66c241478715236da2edc5864b275504d14e35ec42ad
-
SSDEEP
49152:SvyI22SsaNYfdPBldt698dBcjHQnhabRjPLoGdtaTHHB72eh2NT:Svf22SsaNYfdPBldt6+dBcjHQnhOT
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-