General
-
Target
ba81b05c43bae8ee850ebff1ca399808b4828e5455ad2b2f9e64dd7962c33862
-
Size
3.1MB
-
Sample
240701-cc95sssfna
-
MD5
1633db1ce0d5eae8b246019541b00372
-
SHA1
00b8f4ede2ca86fd53b3012e4a317318a20dd39b
-
SHA256
ba81b05c43bae8ee850ebff1ca399808b4828e5455ad2b2f9e64dd7962c33862
-
SHA512
3843b4ad7b2a6d7dd8220f4dd30952a3f6d9918c1391234d3fc2abfcd2adcfd33a6d161a9ad562df661149dedaf5b0589484eb053fdb35c3f41983066e22751a
-
SSDEEP
49152:rvzlL26AaNeWgPhlmVqvMQ7XSKY9BSPnaMYLowdseTHHB72eh2NT:rvpL26AaNeWgPhlmVqkQ7XSK+oPY
Behavioral task
behavioral1
Sample
ba81b05c43bae8ee850ebff1ca399808b4828e5455ad2b2f9e64dd7962c33862.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.1.111:4782
1f5e43b0-2e6e-4529-bedf-628650591bdf
-
encryption_key
0FF1E4E83CF341CB74C4BB8B5D7980A41A9AF65B
-
install_name
DescryptMain.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
ba81b05c43bae8ee850ebff1ca399808b4828e5455ad2b2f9e64dd7962c33862
-
Size
3.1MB
-
MD5
1633db1ce0d5eae8b246019541b00372
-
SHA1
00b8f4ede2ca86fd53b3012e4a317318a20dd39b
-
SHA256
ba81b05c43bae8ee850ebff1ca399808b4828e5455ad2b2f9e64dd7962c33862
-
SHA512
3843b4ad7b2a6d7dd8220f4dd30952a3f6d9918c1391234d3fc2abfcd2adcfd33a6d161a9ad562df661149dedaf5b0589484eb053fdb35c3f41983066e22751a
-
SSDEEP
49152:rvzlL26AaNeWgPhlmVqvMQ7XSKY9BSPnaMYLowdseTHHB72eh2NT:rvpL26AaNeWgPhlmVqkQ7XSK+oPY
-
Quasar payload
-
Detects Windows executables referencing non-Windows User-Agents
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Executes dropped EXE
-