General
-
Target
2.0 clok me.exe
-
Size
3.1MB
-
Sample
240706-gf6c8szdqg
-
MD5
6dcecd42ade14d495f34e3743eec421e
-
SHA1
0e5400b1b52e828d7025d716c9d02e9cf3eb1c26
-
SHA256
7443d9f59ad175d9404fe336f94676c36124c5b0bf863e2d22f81a9a5f8d0018
-
SHA512
ab7d74fd08f851a891a478ff0d6f1efdea432692c87b6118d01a63ca70aefd0a17288c9a5fc273648eb2b6a320ce696f69b999014c027309998ed7ba2d2f630a
-
SSDEEP
49152:nv+lL26AaNeWgPhlmVqvMQ7XSKeMRJ60bR3LoGdxTHHB72eh2NT:nvuL26AaNeWgPhlmVqkQ7XSKeMRJ6+
Behavioral task
behavioral1
Sample
2.0 clok me.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
quasar
1.4.1
Office04
tcp://TGH-40257.portmap.host:40257:4782
e7d4fb50-d79c-4bd3-8707-360abef4571e
-
encryption_key
6AFABF4F74C0812398C367F811C78D8A6479DC97
-
install_name
shaderpacks.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
ServiceHost:Windows Accessory
-
subdirectory
SubDir
Targets
-
-
Target
2.0 clok me.exe
-
Size
3.1MB
-
MD5
6dcecd42ade14d495f34e3743eec421e
-
SHA1
0e5400b1b52e828d7025d716c9d02e9cf3eb1c26
-
SHA256
7443d9f59ad175d9404fe336f94676c36124c5b0bf863e2d22f81a9a5f8d0018
-
SHA512
ab7d74fd08f851a891a478ff0d6f1efdea432692c87b6118d01a63ca70aefd0a17288c9a5fc273648eb2b6a320ce696f69b999014c027309998ed7ba2d2f630a
-
SSDEEP
49152:nv+lL26AaNeWgPhlmVqvMQ7XSKeMRJ60bR3LoGdxTHHB72eh2NT:nvuL26AaNeWgPhlmVqkQ7XSKeMRJ6+
Score10/10-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1