General
Target: bound.exe
Size: 348KB
Sample: 240702-v5n25sxfnn
MD5: 0ae23c1f2280f21b756d59c3590f1f9e
SHA1: b2f42f4f3cc053a41c2c5a4b981e3951ece66632
SHA256: e2ccf4d25499df5ed69b0b1a8d78c159c6873a86bfe8b3e07eae41516b3d6709
SHA512: 5989bd7704a9f7cfb608d347f2c4ad262165f093078a55675418953b81a1346a80fb8c61031b8a2ed6d8548376691b1f2d8e076b0d77964d17178292d931aae2
SSDEEP: 6144:nm2NHXf500MCB/7JWQ7vVjvVDpGbMODP43YxpG+kN8/xM/y:Nd5089W8pMDPZxJ085uy
Behavioral task
behavioral1
Sample: bound.exe
Resource: win7-20240508-en
Malware Config
Extracted
quasar
1.3.0.0
NEW
hanezack.ddns.net:1005
QSR_MUTEX_pnKSaWFUwQX1pUWVc9
encryption_key: dFDp0i8Pk4OpqeTcstEK
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: bound.exe
- Quasar payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.