Analysis
-
max time kernel
162s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20220310-en -
submitted
24-03-2022 08:27
General
-
Target
4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f.exe
-
Size
348KB
-
MD5
4e22eda5918426ccbc58319c13978906
-
SHA1
080d364b894ee591be92afa782db2ae93192bea9
-
SHA256
4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f
-
SHA512
03cc56592add96ea7d3fc592308c4043558b17b55cbe520c5e24764fb489dabfdbe51910a59d537b795073cb1ed6b10a3b703b68bf4a24fcfa91b91c3c875901
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.3.0.0
Botnet
Test1
C2
sharaga.ddns.net:25565
81.1.158.128:25565
Mutex
QSR_MUTEX_2Wq2bcpv2N4Sls5IAl
Attributes
-
encryption_key
3IYxH0O6qCkTu1k47KTz
-
install_name
java.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Java
-
subdirectory
.minecraft
Signatures
-
Quasar Payload 1 IoCs
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f.exe"C:\Users\Admin\AppData\Local\Temp\4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4776-134-0x0000000000370000-0x00000000003CE000-memory.dmpFilesize
376KB
-
memory/4776-135-0x00000000052C0000-0x0000000005864000-memory.dmpFilesize
5.6MB
-
memory/4776-136-0x0000000004E20000-0x0000000004EB2000-memory.dmpFilesize
584KB
-
memory/4776-137-0x0000000005230000-0x0000000005296000-memory.dmpFilesize
408KB
-
memory/4776-138-0x0000000005A70000-0x0000000005A82000-memory.dmpFilesize
72KB