General
Target: start.bat
Size: 409KB
Sample: 240701-2xpr2ayepr
MD5: 4d5c83242f9d8a68a312c797420bc7f1
SHA1: 2d63d539f1d359ab6915f57dcdc51941a5d5e962
SHA256: 63755f46f6f2cb7385163dce5e872ec45aad248c936e3e2bf762224bed7dee89
SHA512: 9f8772838eda6a3b58204aca0d2f6a8a73bb99591e78d5a7fb8a06c7c4bc3e528ad25b8f625d7fedbf94fb1967bc51f6bef1d0c8ab896b4a30905e4515610a6d
SSDEEP: 12288:Ipg6M1iH0PHaTOs8BxmuCUUwuHsK6q7XpJP:QxqidTOsONCOmsK6qdB
Malware Config
Extracted
quasar
3.1.5
SeroXen
hall-rpm.gl.at.ply.gg:54746
$Sxr-GV6wZsGZZMeZ3qfenc
encryption_key: rF1nlsgEFCr3XbMRmPLx
install_name: Client.exe
log_directory: Logs
reconnect_delay: 1
startup_key: Update
subdirectory: SubDir
Targets
Target: start.bat
Size: 409KB
Quasar payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.