General

  • Target

    439e49a4df2f4bcc359283d02f612e98

  • Size

    527KB

  • Sample

    210624-tmff1at666

  • MD5

    439e49a4df2f4bcc359283d02f612e98

  • SHA1

    bf6e8632bedeb80e72f664e2d4ca8b260a77115d

  • SHA256

    a792be03af23fe52b708d22df6cadeb3374bb5500416a862eee57ea56db20fd5

  • SHA512

    4d1fd328d45b67ce5a8acb91fe25cbc6e4b6bc252ef95e94cb43ae3264f83f77d0e66cff16fbe8b40a2ac063c8b95758dd6969001a1d56a7e4f96ca3a786c992

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

45.77.20.114:1604

Attributes

encryption_key

7E1D5BE8A11725FE11CAC5785F9684E24960D4AC

install_name

Media.exe

log_directory

Logs

reconnect_delay

3000

startup_key

Media

subdirectory

SubDir

Targets

    • Quasar Payload

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Executes dropped EXE

MITRE ATT&CK Matrix

Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation