Overview

overview

10

Static

static

10

42501e281d...8b.exe

windows7-x64

10

42501e281d...8b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    42501e281de15d0331a70d0b34b94b8b.exe

  • Size

    348KB

  • Sample

    220922-kxp95aefcq

  • MD5

    42501e281de15d0331a70d0b34b94b8b

  • SHA1

    c9ae2a74d0e25e0d2c4946917767d46d33e208cc

  • SHA256

    b85d366a889518edf0a9899e2120de042965a72fc60c8795a2f9bd6eee96d58c

  • SHA512

    aaea1b070c6560264d2875b7fb355820af4ceab172ff4c5a6b21d893ec4955419c7b673bedae66beae5626dbbacf1c6fe7860008b49029275016c4ac97392f74

  • SSDEEP

    6144:j+NHXf500Mh9fsD02Sp1bS6Zh4SRy80WUw7K:yd50ODqhZh4SYXw7K

Score
10/10
quasargodbless my hustlespywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Godbless my Hustle

C2

mill.hopto.org:7773

Mutex

QSR_MUTEX_IYpAlOHqocnX5nf6J7

Attributes
  • encryption_key

    4AVo5Pq15qMZSQfQWCXf

  • install_name

    Client.exe

  • log_directory

    Ll

  • reconnect_delay

    123

  • startup_key

    str

  • subdirectory

    SubDir

Targets

    • Target

      42501e281de15d0331a70d0b34b94b8b.exe

    • Size

      348KB

    • MD5

      42501e281de15d0331a70d0b34b94b8b

    • SHA1

      c9ae2a74d0e25e0d2c4946917767d46d33e208cc

    • SHA256

      b85d366a889518edf0a9899e2120de042965a72fc60c8795a2f9bd6eee96d58c

    • SHA512

      aaea1b070c6560264d2875b7fb355820af4ceab172ff4c5a6b21d893ec4955419c7b673bedae66beae5626dbbacf1c6fe7860008b49029275016c4ac97392f74

    • SSDEEP

      6144:j+NHXf500Mh9fsD02Sp1bS6Zh4SRy80WUw7K:yd50ODqhZh4SYXw7K

    Score
    10/10
    quasargodbless my hustlespywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks