General
-
Target
efbe462f4a296b1339e67659670384617fd29e48c998db6cab6ffc601a0d1f19
-
Size
2.4MB
-
Sample
230419-tvvw9sdg7y
-
MD5
287b678f74eae9dacfc22cf4928227cc
-
SHA1
79e66f603dcf22e2223636118aa4e68bb696d956
-
SHA256
efbe462f4a296b1339e67659670384617fd29e48c998db6cab6ffc601a0d1f19
-
SHA512
2cc7a98d6ef5d140a32863dec4df40d3822fcdb09dcd2262c614ae34b2a2956257feab1d20a66ea2c81ab6f3c35186fa208c9c4af023b9f082e8d517d58b3c2b
-
SSDEEP
24576:yiE0BwNL6HwaygQ94d3qhHOeCmzL3Nlz4+laTT/h7fJ4kCLi+nDLgDnbSTSHcdJV:dxAWwah3xIL3fz4+laTT1BCeK6STS8F
Malware Config
Extracted
quasar
1.3.0.0
SUCCESS
41.185.97.216:4782
MUTEX_KMkEYpkuWKDvhVsEcT
-
encryption_key
kbnBYlo1Zoug7VQGhNv1
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
cmd
-
subdirectory
SubDir
Targets
-
-
Target
efbe462f4a296b1339e67659670384617fd29e48c998db6cab6ffc601a0d1f19
-
Size
2.4MB
-
MD5
287b678f74eae9dacfc22cf4928227cc
-
SHA1
79e66f603dcf22e2223636118aa4e68bb696d956
-
SHA256
efbe462f4a296b1339e67659670384617fd29e48c998db6cab6ffc601a0d1f19
-
SHA512
2cc7a98d6ef5d140a32863dec4df40d3822fcdb09dcd2262c614ae34b2a2956257feab1d20a66ea2c81ab6f3c35186fa208c9c4af023b9f082e8d517d58b3c2b
-
SSDEEP
24576:yiE0BwNL6HwaygQ94d3qhHOeCmzL3Nlz4+laTT/h7fJ4kCLi+nDLgDnbSTSHcdJV:dxAWwah3xIL3fz4+laTT1BCeK6STS8F
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-