General
-
Target
sexy.exe
-
Size
502KB
-
Sample
220724-1txg2aabap
-
MD5
0e28531b24a9dea26005a84d0f9dfa94
-
SHA1
a749c6ab791a98fa17cc7251c37cf41ed2ca4277
-
SHA256
15a42865e3b9563b0162987d9ba85a18fe6f7befb28d39daed3277434347200f
-
SHA512
13d7596d08742b8425d461e38b007366c5ed3a9fe4b691e4b0bcc20548746a8813a3c1722f7e3ec08fbd7eb1916aa9fe436bf9c2179fe394d3663f406e83fc91
Behavioral task
behavioral1
Sample
sexy.exe
Resource
win7-20220715-en
Malware Config
Extracted
Family
quasar
-
Version
1.4.0
-
C2
djetdixipleshacker.ddns.net:4782
-
Mutex
c6993971-9d33-47ee-97be-1ee4c55f5b22
-
encryption_key
5BF63D2A9E5DC89F2E977D9F2C3F6E7245BE30C9
-
install_name
WINDOWSREPAIRPROGRAMEFORVBUCKS.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
sussy
-
subdirectory
Microdoux
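The extracted fields above map directly onto the artifacts a Quasar client leaves behind: the subdirectory and install_name give the dropped file path, startup_key is the name of the Run-key value used for persistence, mutex is the named object the client holds, and reconnect_delay is the retry interval (milliseconds) against the C2 when the connection is refused. The script below is an added example, not part of this report or of the Quasar project, that turns the config into host and network checks. It assumes the client installs under %APPDATA% (the install-location index is not in the extracted config, so this is an assumption), and the registry dump and connection-log lines it scans are constructed for illustration.

```python
import re
from datetime import datetime

# Quasar 1.4.0 configuration as extracted in this report.
CONFIG = {
    "version": "1.4.0",
    "c2": "djetdixipleshacker.ddns.net:4782",
    "mutex": "c6993971-9d33-47ee-97be-1ee4c55f5b22",
    "install_name": "WINDOWSREPAIRPROGRAMEFORVBUCKS.exe",
    "subdirectory": "Microdoux",
    "startup_key": "sussy",
    "reconnect_delay_ms": 3000,
}


def c2_endpoint(cfg):
    """Split the host:port C2 string into (host, port)."""
    host, _, port = cfg["c2"].rpartition(":")
    return host, int(port)


def host_indicators(cfg, appdata=r"C:\Users\victim\AppData\Roaming"):
    """Derive on-host artifacts from the config.

    The client is installed as <base>\\<subdirectory>\\<install_name> and
    persisted through a Run-key value named startup_key.  The base directory
    is assumed to be %APPDATA% here (assumption: the install-location index
    is not part of the extracted config)."""
    path = "\\".join([appdata, cfg["subdirectory"], cfg["install_name"]])
    return {
        "install_path": path,
        "run_key_name": cfg["startup_key"],
        "run_key_value": f'"{path}"',
        "mutex": cfg["mutex"],
    }


def match_run_keys(reg_lines, ind):
    """Return Run-key entries ('name=value' strings) whose value name equals
    the configured startup_key or whose data points at the install path."""
    hits = []
    for line in reg_lines:
        name, _, value = line.partition("=")
        if name.strip() == ind["run_key_name"] or ind["install_path"].lower() in value.lower():
            hits.append(line)
    return hits


# Constructed log format: '<iso-time> <src> -> <dst-host>:<port> <state>'
LOG_RE = re.compile(r"^(\S+) \S+ -> (\S+):(\d+) (\w+)$")


def find_beacon(log_lines, host, port, delay_ms, tolerance_ms=500):
    """Count consecutive connection attempts to host:port whose spacing is
    within tolerance of the configured reconnect_delay."""
    times = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group(2) == host and int(m.group(3)) == port:
            times.append(datetime.fromisoformat(m.group(1)))
    times.sort()
    hits = 0
    for earlier, later in zip(times, times[1:]):
        gap_ms = (later - earlier).total_seconds() * 1000
        if abs(gap_ms - delay_ms) <= tolerance_ms:
            hits += 1
    return hits


# Constructed HKCU\Software\Microsoft\Windows\CurrentVersion\Run dump.
REG_LINES = [
    r'OneDrive="C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r'sussy="C:\Users\victim\AppData\Roaming\Microdoux\WINDOWSREPAIRPROGRAMEFORVBUCKS.exe"',
]

# Constructed connection log: C2 unreachable, client retrying every 3 s.
NET_LINES = [
    "2022-07-24T01:00:00 10.0.0.5 -> djetdixipleshacker.ddns.net:4782 SYN",
    "2022-07-24T01:00:03 10.0.0.5 -> djetdixipleshacker.ddns.net:4782 SYN",
    "2022-07-24T01:00:06 10.0.0.5 -> djetdixipleshacker.ddns.net:4782 SYN",
    "2022-07-24T01:00:09 10.0.0.5 -> djetdixipleshacker.ddns.net:4782 SYN",
    "2022-07-24T01:00:10 10.0.0.5 -> update.example.net:443 SYN",
]

if __name__ == "__main__":
    host, port = c2_endpoint(CONFIG)
    ind = host_indicators(CONFIG)
    print("persistence hits:", match_run_keys(REG_LINES, ind))
    print("beacon intervals at reconnect_delay:",
          find_beacon(NET_LINES, host, port, CONFIG["reconnect_delay_ms"]))
```

The beacon check is a heuristic, not a signature: a refused C2 produces evenly spaced retries at exactly reconnect_delay, but once the connection succeeds the client holds a single TLS session, so the Suricata certificate alerts listed below are the more reliable network indicator for an active infection.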
Targets
-
Target
sexy.exe
-
Quasar payload
-
suricata: ET MALWARE Generic AsyncRAT Style SSL Cert
-
suricata: ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-