General

  • Target

    Client-built5.exe

  • Size

    502KB

  • Sample

    230126-hlt3tsec6z

  • MD5

    367d0e44520f35022b064d8a5abd803d

  • SHA1

    9a05aab1b349fa675f1a0e89942086230036ddb2

  • SHA256

    e37336f3a830ac428d316728926465c52d3439ee70b313d16a2da722ee9bac5b

  • SHA512

    55d8b92a49169cbd99740899d8f8d9976ac7239e6a01647f34976cdea4c3597f78c22b52b2bcd29409dd897f073d61bea56b1208f811d1f762fc5d0e2d3c66e3

  • SSDEEP

    6144:5TEgdc0YzXAGbgiIN2RSBStwkIKGgRsHbRscEIOb8F9HctvM9xpGr8cTR3a:5TEgdfYjbguHKs4pG1aLGr8cda

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.0

  • Botnet

    Office04

  • C2

    192.168.0.195:1604

  • Mutex

    fffd6dc4-1f37-4e65-b7aa-0102dd3decf4

Attributes
  • encryption_key

    894D60DF1A73A828E12DB9DF734CD59FBE6522AB

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
