General
Target: Client-built.exe
Size: 3.1MB
Sample: 240702-b48klssajb
MD5: e55e15bea243fd9bba10a445fa3441ae
SHA1: 4d2f04eb3cd2169652ae28ea02db2aaa8ee1123a
SHA256: 72d2aedd7b7d74faee7b632bc3cbbd8c0c3be4f9ffb61601c7a779e5a7f1052e
SHA512: 18ac9230fc33a8fa18e0270cf6ea6f68f034dfe15d97a6ac7fc59591f8c7ff05e2014d843ca8c8d0e20345219b491a862dd7900cdf44466cff4f4f862d69c6c2
SSDEEP: 49152:yvOI22SsaNYfdPBldt698dBcjHqkFAfdRoGd7MTHHB72eh2NT:yvj22SsaNYfdPBldt6+dBcjHqFff
Behavioral task
behavioral1
Sample: Client-built.exe
Resource: win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Solara
DESKTOP-JVK5CI7:4782
39c5c45c-62a0-4623-a904-5cbad2aa6b55
encryption_key: 41AD0502F025DD3F47720DC4BDEED540F3EAFD12
install_name: securekerneI.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Update
subdirectory: SubDir
Targets
Target: Client-built.exe
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-