General
-
Target
f2f1e808e8a0313e92728a71031994c5339d07a8542161691350e8b90f065167
-
Size
1.4MB
-
Sample
230801-bwc4qsde2v
-
MD5
bc8c83a2ff96a60308b0ee03e1b54922
-
SHA1
9bc65fd99ce91c8908b61f8179a05edfda6bd957
-
SHA256
f2f1e808e8a0313e92728a71031994c5339d07a8542161691350e8b90f065167
-
SHA512
7959233f8f92ea9f1365d7f021a558118620fb85cc4cb98b0535915a4f874f7c08e72cd0473dcd493f4f81457bd9a314118c6ff22b6097eb4ed353093a6c8091
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Malware Config
Extracted
quasar
1.3.0.0
-
94.131.105.161:12344
QSR_MUTEX_UEgITWnMKnRP3EZFzK
-
encryption_key
5Q0JQBQQfAUHRJTcAIOF
-
install_name
lient.exe
-
log_directory
Lugs
-
reconnect_delay
3000
-
startup_key
itartup
-
subdirectory
SubDir
Targets
-
-
Target
f2f1e808e8a0313e92728a71031994c5339d07a8542161691350e8b90f065167
-
Size
1.4MB
-
MD5
bc8c83a2ff96a60308b0ee03e1b54922
-
SHA1
9bc65fd99ce91c8908b61f8179a05edfda6bd957
-
SHA256
f2f1e808e8a0313e92728a71031994c5339d07a8542161691350e8b90f065167
-
SHA512
7959233f8f92ea9f1365d7f021a558118620fb85cc4cb98b0535915a4f874f7c08e72cd0473dcd493f4f81457bd9a314118c6ff22b6097eb4ed353093a6c8091
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar payload
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-