General
  Target: f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
  Size: 3.2MB
  Sample: 240701-ffb9qawhke
  MD5: e9ed2adca7e63a58d0895179fc1e121f
  SHA1: ae23767acd8d4a88b7c69d84e4df5f9733653662
  SHA256: f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
  SHA512: 7fc5de0e2d85c85592ff935faa5ffa10e33615c8b2d274d28c322764706c2847ee40a9f15c3867cf278981fe2ac3778cbb9b3bd400f6c4064691f9c7c9ff51b0
  SSDEEP: 98304:visDo5sRzG+RVgbtHSB2MqlcY+kd4204+N1o:6uRq+8btHSdA/N
Static task: static1
Behavioral task: behavioral1
  Sample: f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7.exe
  Resource: win7-20240221-en
Malware Config
  Extracted family: quasar
  Version: 1.4.1
  Stereo
  nickhill112-30910.portmap.host:30910
  c93b672f-8b8c-48b8-a712-e952d64b741a
  encryption_key: 985DB7D034DB1B5D52F524873569DDDE4080F31C
  install_name: Stereo.exe
  log_directory: Logs
  reconnect_delay: 3000
  startup_key: update.exe
  subdirectory: SubDir
Targets
  Target: f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
  Size: 3.2MB
  MD5: e9ed2adca7e63a58d0895179fc1e121f
  SHA1: ae23767acd8d4a88b7c69d84e4df5f9733653662
  SHA256: f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
  SHA512: 7fc5de0e2d85c85592ff935faa5ffa10e33615c8b2d274d28c322764706c2847ee40a9f15c3867cf278981fe2ac3778cbb9b3bd400f6c4064691f9c7c9ff51b0
  SSDEEP: 98304:visDo5sRzG+RVgbtHSB2MqlcY+kd4204+N1o:6uRq+8btHSdA/N
  Signatures:
    Quasar payload
    Detects .NET executables utilizing NyanX-CAT C# Loader
    Detects Windows executables referencing non-Windows User-Agents
    Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
    Detects executables containing common artifacts observed in infostealers
    Executes dropped EXE
    Loads dropped DLL
    Suspicious use of SetThreadContext