General

  • Target: 7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb.exe
  • Size: 544KB
  • Sample: 230209-tjnzksba45
  • MD5: 09eaa01d4cfdc1e07bacc0c7fa45ff02
  • SHA1: 08812d6fba326f56b3b05066e1d0464cbba27ff2
  • SHA256: 7c4978528431d76c38dc9f18087e5e2d4d2fbddafcb8a536eb8a7f328fbcb46b
  • SHA512: 6c4367264bfd2d173284025aea705979c3a0a088141c4d92f04fa509df9f62499c14f331ea773c0777b4e919b4e8d716f85e8d2e34efcbc741fd1c7014898115
  • SSDEEP: 6144:91UkiucTWMxchMkLmsRkK800JI7famUSC59Q+ib8F9lZxS5saAOvOm:91Uk6aMx/Ir02e359rFDZx2AO7

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.0
  • Botnet: Office04
  • C2:
      quasharr.ddns.net:4782
      quasharr21.ddns.net:4782
      quasharr22.ddns.net:4782
      quasharr33.ddns.net:4782
  • Mutex: 1f1a8604-757c-4251-9294-1b6985c3c1c7
  • Attributes
      • encryption_key: 2D1A3994D3C8E5C6071E7048589030F3E389DDC7
      • install_name: Client.exe
      • log_directory: Logs
      • reconnect_delay: 3000
      • startup_key: Windows
      • subdirectory: SubDir

Targets

    • Quasar RAT
      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
