General
Target: SolaraBootstrapper.exe
Size: 3.1MB
Sample: 240702-b37lxs1hpa
MD5: d1fa508b46362032225fd17c5bb85859
SHA1: 7690e280c35cb4bf9a71aaad70ff4885393e680a
SHA256: f422a9717bc7a77fe867c28c7841e46f20d55157338f4faa5e5f56c8e07b22e7
SHA512: d1613ea3284a8cf4032632a5594f4d995deb25473cf76c8efd763dbf8fbc8a7e9345d5d3c3aca179773a42a6cb1932c97e3633747ad4d197fc54646dfe9fc184
SSDEEP: 49152:TvHlL26AaNeWgPhlmVqvMQ7XSKWLRJ6EbR3LoGdiSTHHB72eh2NT:TvFL26AaNeWgPhlmVqkQ7XSKWLRJ6O
Behavioral task: behavioral1
Sample: SolaraBootstrapper.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: SolaraBootstrapper.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: quasar 1.4.1
SolaraBootstrapper
DESKTOP-JVK5CI7:4782
39c5c45c-62a0-4623-a904-5cbad2aa6b55
encryption_key: 41AD0502F025DD3F47720DC4BDEED540F3EAFD12
install_name: securekerneI.exe (note the capital I in place of a lowercase l, imitating a system file name)
log_directory: Logs
reconnect_delay: 3000
startup_key: Update
subdirectory: SubDir
Targets
Target: SolaraBootstrapper.exe, 3.1MB (same file and hashes as listed under General above)
Score: 10/10

Signatures
- Quasar payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Drops file in System32 directory