General
Target: SeroXen.exe
Size: 933KB
Sample: 240701-t6bmrssenl
MD5: a8df19d691e618c209f5c8e386deafcf
SHA1: 135ea4a1d3c7358f7bd6a51973c7be7ee52f0d36
SHA256: 821edf221e3b8fd8070cf04628e5f77507de5ecf9d1afea79375a22578b419c2
SHA512: 80c1989ed585c313c14b6a91847b0e8fd758b1ef3bc3550322e6b6cb561b1bd2cb461c9ceea98b3240628fe6f74c2760b2a8db5f3f81b058559a2aed57e53779
SSDEEP: 24576:HSsXbXtat9HdFVR1oM5fdILCF5WcQA7GUSwc:HSsDWZVJomzWEGUSP
Static task: static1
Malware Config
Extracted
Family: quasar
Version: 15.5.0
Botnet: SeroXen
C2: 147.185.221.20:49485
Mutex: QSR_MUTEX_rzhQPLl57DqbMvbZp9
encryption_key: M2nw0PLpJxuyZQLyQ14p
install_name: Client.exe
log_directory: $sxr-Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: SeroXen.exe (933KB; same hashes as listed under General)
Signatures
- Quasar payload
- Blocklisted process makes network request
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.