General

  • Target

    Cold War Tool Free by R7XZ2.exe

  • Size

    664KB

  • Sample

    230207-a7v81sbh5s

  • MD5

    28b47c7dd2743e312aa5665d2237bbaf

  • SHA1

    8c0b0bd93738f6d3c7299073fa046a9923c43d94

  • SHA256

    0e75d20dc4bbc6e47d8af2a28ff28efac659bb5b6d1ba69a904ac3d338e0e2cb

  • SHA512

    75766bfcf5b90f0ab6c755e6d531377e73838aba956d1597e10d451172ba4df1243a26bc95b996e55f8b013c862e21e06eb48dfa1f00dce131e6e296f3a101f8

  • SSDEEP

    6144:yTEgdc0YXXbZvdo6EsRwdfuniFBlh/6KnFwQHocE8cb8F9bObLGnJ2cTR3j:yTEgdfY9do6Wu6hFwMHMn+4cdj

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

ColdWar Tool by FXC11

C2

91.121.214.19:1605

Mutex

ee2a25d7-e4a9-452c-9a5f-a26bb677dfa1

Attributes

  • encryption_key

    F9F475501C6D2B1102A497EB1C3D52C90B8E007E

  • install_name

    QuickPump.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Defender Real Time Protection

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique       Count  ID
  Execution             Scheduled Task  1      T1053
  Persistence           Scheduled Task  1      T1053
  Privilege Escalation  Scheduled Task  1      T1053

Tasks