General
Target: start.bat
Size: 409KB
Sample: 240701-2yyrbsyfml
MD5: 314acafdf1ab722b8eadc4d47e447a83
SHA1: a07d05b68bdee1b06eb6eab80e771059a3737cc4
SHA256: 67dc8acb1ccaa1d7ee0d2cc53d246ab6e6002c8bffec5cc1e3a723c51fee0f56
SHA512: 769522b43dc7a5717f58cf276f6977643f92949ceebc366bbabb23bd5e601b9023c86158222bc4a6594121bab825774fd8ce7027366c51e3caba68b350ad043b
SSDEEP: 6144:VMyPp5S6M1Xy0m3OWbwOoxCCp6bb7HJfbxbZTFEhHAENAWo79Digs:Jpg6M1iv3OWbo/p6bJNbHYpXo79Digs
Malware Config
Extracted
Family: quasar
Version: 3.1.5
Botnet: SeroXen
C2: hall-rpm.gl.at.ply.gg:54746
Mutex: $Sxr-GV6wZsGZZMeZ3qfenc
Attributes
encryption_key: HBFmF2eQ2dyu9E1lKQar
install_name: Client.exe
log_directory: Logs
reconnect_delay: 1
startup_key: Update
subdirectory: SubDir
Targets
Target: start.bat (409KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures
Quasar payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.