General
-
Target
55e16b1f5723e21feb01689f3b4331ec38e45ebdf697228b48974d430232056a
-
Size
1.4MB
-
Sample
230803-b6ds1saf79
-
MD5
7c07f18b49242ab1180a6b42b564b0ee
-
SHA1
c9a991c259ce785eafc95055b002022856675f0a
-
SHA256
55e16b1f5723e21feb01689f3b4331ec38e45ebdf697228b48974d430232056a
-
SHA512
c703a99bf0f4941ca2178694d68aecc2fd6db7005ebc3108b7db9d828355841f7e6dce7fe5de487486b5a31a869c74710cf71f765537a4a13f355125f393b48e
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Malware Config
Extracted
quasar
1.3.0.0
-
94.131.105.161:12344
QSR_MUTEX_UEgITWnMKnRP3EZFzK
-
encryption_key
5Q0JQBQQfAUHRJTcAIOF
-
install_name
lient.exe
-
log_directory
Lugs
-
reconnect_delay
3000
-
startup_key
itartup
-
subdirectory
SubDir
Targets
-
-
Target
55e16b1f5723e21feb01689f3b4331ec38e45ebdf697228b48974d430232056a
-
Size
1.4MB
-
MD5
7c07f18b49242ab1180a6b42b564b0ee
-
SHA1
c9a991c259ce785eafc95055b002022856675f0a
-
SHA256
55e16b1f5723e21feb01689f3b4331ec38e45ebdf697228b48974d430232056a
-
SHA512
c703a99bf0f4941ca2178694d68aecc2fd6db7005ebc3108b7db9d828355841f7e6dce7fe5de487486b5a31a869c74710cf71f765537a4a13f355125f393b48e
-
SSDEEP
24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar payload
-
Modifies Windows Firewall
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-