General

  • Target

    Remover.bat

  • Size

    4.4MB

  • Sample

    230520-tq5kxafh6w

  • MD5

    f3aa3ff4c657d03f217b05e3de5cfe0f

  • SHA1

    f39fe9fecd327901aceb32d55979fb49300a907a

  • SHA256

    3c22aced502398a94ad0c44fbdb1eb78e96a500e39af497ff6c7a9f9c512ef25

  • SHA512

    99ef3dba1ccd41f4284a2026edd400acff7ec0fb13652e8da71a17417a2c7ed571a227559b3f7b5991f7aa79cd883d14cd6cf17582095633597ed826ffcdd637

  • SSDEEP

    24576:DuFAc9dtV23GygMMgqMPGBpQdLZF4VxNB6bu6T4Llm8H2fNjx/YNcQq3NON5BOze:ppgMlWQojUWxw94oa

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Slave

  • C2

    5.180.180.66:4782

  • Mutex

    28d5f0ab-9c9d-4762-9e41-3c5ccbfcffae

Attributes

  • encryption_key

    5484AD7AC17743300FB1AC39869E7C36DF7762A0

  • install_name

    MicrosoftEdge.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Edge

  • subdirectory

    Edge

Targets

    • Target

      Remover.bat

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 1

Tasks