Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    03543b1c5bfd9393444c098e18ab1ab2fdd450d8544f8fd4019f2ddb4b764edd

  • Size

    1.7MB

  • Sample

    221008-1675asgaak

  • MD5

    3a9f26f591eea148881df705db331380

  • SHA1

    28cf6555dc5df449b8d22fb01180552a1bdc74f9

  • SHA256

    03543b1c5bfd9393444c098e18ab1ab2fdd450d8544f8fd4019f2ddb4b764edd

  • SHA512

    d3e62d0a83ea378a16f805338e11a79c9d4d9bf25442462a34fb08488ec59ebb119b1618c42837d5db2c7431c48500db309527d8a941378608e341db432873ed

  • SSDEEP

    24576:PUxJIRCRoenYQb6VOJ8Kgn1beVuumyEU:

Score
10/10
quasarciopersistencespywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Cio

C2

162.19.131.197:4782

Mutex

c5fdf017-8f44-47ea-a69e-0b82e4044ca7

Attributes
  • encryption_key

    59A92039F951E5069C9F50FD9F340E759713B058

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      03543b1c5bfd9393444c098e18ab1ab2fdd450d8544f8fd4019f2ddb4b764edd

    • Size

      1.7MB

    • MD5

      3a9f26f591eea148881df705db331380

    • SHA1

      28cf6555dc5df449b8d22fb01180552a1bdc74f9

    • SHA256

      03543b1c5bfd9393444c098e18ab1ab2fdd450d8544f8fd4019f2ddb4b764edd

    • SHA512

      d3e62d0a83ea378a16f805338e11a79c9d4d9bf25442462a34fb08488ec59ebb119b1618c42837d5db2c7431c48500db309527d8a941378608e341db432873ed

    • SSDEEP

      24576:PUxJIRCRoenYQb6VOJ8Kgn1beVuumyEU:

    Score
    10/10
    quasarciopersistencespywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks