General

  • Target

    358b3ab1e4adca50e3707fe6c8a409be.exe

  • Size

    502KB

  • Sample

    221128-srhbbsdb59

  • MD5

    358b3ab1e4adca50e3707fe6c8a409be

  • SHA1

    f8fd21480ef96b52766cf0739ca742fd0191719d

  • SHA256

    49c28afc5251fc17d33de601ba75e53b3e1502cbbe8b504be3badc3cfdf7dcf2

  • SHA512

    83f7e1d7d5c795483f73931cec2e90951a267ca4592ed4a27e3e8874bac506b2904b0fe24a07179b08b99049b1b1e109945e167b30cd2c95305a6bdd5dd1aed1

  • SSDEEP

    6144:sTEgdc0YuXO0l6HeR9iUnD3kmAVlOv/5Etqi+yw4YUcEqOb8F9qYuVjcTR3a:sTEgdfYIl6wTkIu4ryw+6pwZVjcda

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.0

  • Botnet

    Update

  • C2

    2cool4school.ddns.net:6520
    2cool4school.ddns.net:6522

  • Mutex

    3af59cee-aaa9-4385-bf90-0bf1acadc44f

Attributes

  • encryption_key

    274C4CB45396A47039F9292DF2A754DC52225502

  • install_name

    update.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Update

  • subdirectory

    SubDir

Targets

  • Target

    358b3ab1e4adca50e3707fe6c8a409be.exe

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload

  • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task T1053 (1)

  • Persistence

    Scheduled Task T1053 (1)

  • Privilege Escalation

    Scheduled Task T1053 (1)

Tasks