General

  • Target: windows.bin
  • Size: 502KB
  • Sample: 220830-jzz2nsebaj
  • MD5: c45ea5a089de4c676e46cfb5e21364bf
  • SHA1: c4665e00632e585d3f984cbf77cae6c8ad17f9ba
  • SHA256: 005e49af315f639eb7f502317334698ae19f5118454146ff3af18968aa1b01b1
  • SHA512: f0444698cc7a5b3bccf8abf2b49a4354af29d9053dbada901e1aeaeb41f7f720bee51421f91edd2e17cbe287c6e7cf733faa80e1e8bf1a87a36f975f591d1a56
  • SSDEEP: 6144:BTEgdc0YrX7IxUpGREWtDWDq6v0++75Grj2OScExTb8F9LFfMqFcTR3n:BTEgdfYIxU9DujholFkqFcdn

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.0
  • Botnet: Hacked
  • C2: buihieu.ddns.net:5678
  • Mutex: 8cf52b9c-351a-43a7-b667-3da25dd56137

Attributes

  • encryption_key: 6F199BD1CDDD4176E76A08D4A433D5065CE026D9
  • install_name: Windows.exe
  • log_directory: Logs
  • reconnect_delay: 0
  • startup_key: System32
  • subdirectory: Windows

Targets

    • Quasar RAT: Quasar is an open source Remote Access Tool.
    • Quasar payload
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053): 1
  • Persistence: Scheduled Task (T1053): 1
  • Privilege Escalation: Scheduled Task (T1053): 1
  • Discovery: Query Registry (T1012): 1; System Information Discovery (T1082): 2; Remote System Discovery (T1018): 1

Tasks