General
Target: Uni.bat
Size: 576KB
Sample: 240702-vj22wasdqg
MD5: 53c25a989659575eda761a7e10e47639
SHA1: 3f9dab7caaa8ce9d090c345a45d840ca6d6403bd
SHA256: eabafc43f60c7a0f9b29358aaf66df5e539eae7da4206e19fca24a7cad16ec22
SHA512: 596c2d21690b6ff2651d2a49c54d3f3fd0b5c84b2cb201941f76283a7f63000c97a362e8d1bbccedaa8edc31a9423ba5684cf695c8be2de756067bdba518b75d
SSDEEP: 12288:NeI/2vRHcJNVJ5F/FKOws8GcYLeRqjaJ9Gx0R6FSXc2:L/68JTF0pSaJ99RGs
Static task
static1
Malware Config
Extracted
quasar
15.5.0
SeroXen
147.185.221.20:49485
QSR_MUTEX_rzhQPLl57DqbMvbZp9
encryption_key: uci47GgWZEaymmo5mXad
install_name: Client.exe
log_directory: $sxr-Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: Uni.bat
Quasar payload
Blocklisted process makes network request
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.