General
Target: Sp00fer.exe
Size: 3.1MB
Sample: 240630-sq3kwazdjg
MD5: ff468df2fde593962c6cdb3bdb4614ce
SHA1: 870daa4279fa830d1f555f82ad8ac49789a6e31c
SHA256: c8e42ac2cdd0927bb4278a4cc154e8c768e8e1b0b5d5a02f04f9b9a16e6a7bf1
SHA512: e3ce71ee59b3ff3cd989d73b1c59255135bbdff53d6e50695cb24445a4ba1ad3626623e3f39dc4ece1ebae9b82547555cc726e20c5b093926bf9b459c5c7ce0a
SSDEEP: 49152:jvulL26AaNeWgPhlmVqvMQ7XSKDy6Rk0vGYLoG2JquTHHB72eh2NT:jveL26AaNeWgPhlmVqkQ7XSKdk4
Behavioral task
behavioral1
Sample: Sp00fer.exe
Resource: win7-20240611-en
Malware Config
Extracted
quasar
1.4.1
Office04
pringelsy-53072.portmap.host:53072
6dc28d35-3024-44a7-a559-f9991015fa39
encryption_key: 3107DF2D44BB6914C55BEA57D100135AB0F278DF
install_name: Client.exe
log_directory: Logs
reconnect_delay: 799
startup_key: Quasar Client Startup
subdirectory: Common Files
Targets
Target: Sp00fer.exe
Quasar payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE