General

  • Target

    b8ee29fd0c11ec6207bbe44bfb1880e57cd62ebc85480dfa2d301d5ba492ca34

  • Size

    983KB

  • Sample

    230129-1bbslsdd68

  • MD5

    d87b2ef3227b9fa712f51714bbe8e337

  • SHA1

    a06b25c0cf16f967ef40c4832dd43bca88f2147d

  • SHA256

    b8ee29fd0c11ec6207bbe44bfb1880e57cd62ebc85480dfa2d301d5ba492ca34

  • SHA512

    66fb810ae7d5111a6da552fca4644370a367922583aba20c453d68ce74c6dba0216d418f03683ea50924149e4232d9d2a5708d305f7c5d611feb13b967170716

  • SSDEEP

    24576:Q+tPSg5/YGpKxU8zx+uf8j4L/AlxNemsDSdGsr:XtPS9K8FbUjgAlxNfs+Z

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

test 1

C2

192.168.68.109:8080

Mutex

QSR_MUTEX_mEw8e7d5JFnWElKx6H

Attributes

  • encryption_key

    sh96FHUHgXB5ZJsysAr5

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Discovery

    System Information Discovery (1) T1082

Tasks