General
Target
https://mega.nz/file/SZtVQa6I#GNLB0pLvrwXgFCvT3WXIWzg8W5aNqQMX-gQi23JfPjc
Sample
240701-gqwlsaxgna
Score
10/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://mega.nz/file/SZtVQa6I#GNLB0pLvrwXgFCvT3WXIWzg8W5aNqQMX-gQi23JfPjc
Resource
win11-20240611-en
22 signatures
600 seconds
Malware Config
Extracted
Family: quasar
Version: 3.0.1
Botnet: WyvernDumbass
C2: 127.0.0.1:2912
Mutex: QSR_MUTEX_kZpgHXcbTqoAXhJbxd
Attributes
encryption_key: VkgXdJ4sFQMwCQwt6rcE
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target
https://mega.nz/file/SZtVQa6I#GNLB0pLvrwXgFCvT3WXIWzg8W5aNqQMX-gQi23JfPjc
Score
10/10
Quasar payload
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-