General

  • Target

    ad9918b49fa95dfe97c75e43e108213059e53dde22e8afb73e63d44eb0699e1c

  • Size

    478KB

  • Sample

    230811-d52vkacd8s

  • MD5

    fc44d05db7c9bc9dcebef7e3a5b96d4c

  • SHA1

    59f021c6e90eda72da09f14339c6a18e0c95c052

  • SHA256

    ad9918b49fa95dfe97c75e43e108213059e53dde22e8afb73e63d44eb0699e1c

  • SHA512

    d070abeaf6a89c55461cc7ef46cdc6051733dd02cfc86d151cef27823d1a1429889cd84cb7b9a228ad7bf8104f6ce7984021d46848551eb481732cda933bfada

  • SSDEEP

    12288:IRdPFQ5NAb6jLjFQhdSf14ERIZWScCH9aQ8XEPtZ4R:IR05o6vE/ERLzoatXEPteR

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

spread

C2

adequatelicensing.at:4040

Mutex

d93e662e-a9de-4198-89ca-f18764fe29de

Attributes
  • encryption_key

    36FFB0B8C391E84D40C64F776A2794BCA2549D86

  • install_name

    Updater.exe

  • log_directory

    Logs

  • reconnect_delay

    1000

  • startup_key

    Java Update

  • subdirectory

    Java

Targets

    • Target

      ad9918b49fa95dfe97c75e43e108213059e53dde22e8afb73e63d44eb0699e1c

    • Quasar RAT

      Quasar is an open-source .NET Remote Access Tool (RAT) for Windows; the Malware Config above is the settings embedded in this client build.

    • Quasar payload

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
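
As an added worked example (not part of this report and not the Quasar project's own code), the script below turns the extracted configuration into hunt indicators and runs them over constructed endpoint telemetry that also exercises the behaviours listed under Targets (Run-key persistence, the dropped Updater.exe, the external IP lookup). The install root (%APPDATA%, Quasar's default when the builder's AppData location is chosen), the HKCU Run key, the list of IP-lookup hosts and the telemetry lines are assumptions for illustration, not facts taken from the report.

```python
"""Turn the extracted Quasar config into hunt indicators and run them over telemetry.

Added example, not code from the report or the Quasar project. The config values
are the ones the sandbox extracted; the install root (%APPDATA%), the HKCU Run
key location, the IP-lookup host list and the telemetry lines are assumptions.
"""
import ntpath
import re

# Values from the Malware Config section of the report.
QUASAR_CONFIG = {
    "c2": "adequatelicensing.at:4040",
    "mutex": "d93e662e-a9de-4198-89ca-f18764fe29de",
    "install_name": "Updater.exe",
    "subdirectory": "Java",
    "startup_key": "Java Update",
    "log_directory": "Logs",
}

# Public IP lookup services RATs commonly contact (assumed list, not from the report).
IP_LOOKUP_HOSTS = ("ip-api.com", "api.ipify.org", "ipinfo.io", "icanhazip.com")


def expected_artifacts(cfg, install_root=r"%APPDATA%"):
    """Host artifacts the client should leave if installed with this config.

    install_root is an assumption: Quasar's builder also allows Program Files or
    System as the install location, and the extracted config does not say which.
    """
    base = ntpath.join(install_root, cfg["subdirectory"])
    return {
        "install_path": ntpath.join(base, cfg["install_name"]),
        "keylog_dir": ntpath.join(base, cfg["log_directory"]),
        # HKCU is assumed (unelevated client); an elevated client may use HKLM.
        "run_key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\"[:-1]
                   + cfg["startup_key"],
        "mutex": cfg["mutex"],
        "c2": cfg["c2"],
    }


def build_indicators(cfg):
    """Compile (name, regex) pairs. Paths are matched on their tail
    (<subdirectory>\\<install_name>) so a hit does not depend on the profile dir."""
    bs = r"\\"  # one literal backslash in regex syntax
    sub = re.escape(cfg["subdirectory"])
    host = re.escape(cfg["c2"].rsplit(":", 1)[0])
    return [
        ("install_path", re.compile(bs + sub + bs + re.escape(cfg["install_name"]) + r"\b", re.I)),
        ("keylog_dir", re.compile(bs + sub + bs + re.escape(cfg["log_directory"]) + bs, re.I)),
        ("run_key", re.compile(bs + "Run" + bs + re.escape(cfg["startup_key"]) + r"\b", re.I)),
        ("mutex", re.compile(re.escape(cfg["mutex"]), re.I)),
        ("c2", re.compile(r"\b" + host + r"\b", re.I)),
        ("ip_lookup", re.compile("|".join(re.escape(h) for h in IP_LOOKUP_HOSTS), re.I)),
    ]


def scan(lines, cfg=QUASAR_CONFIG):
    """Return (line_no, indicator_name, line) for every telemetry line an indicator matches."""
    rules = build_indicators(cfg)
    return [(n, name, line)
            for n, line in enumerate(lines, 1)
            for name, rx in rules if rx.search(line)]


# Constructed telemetry: the first six lines mimic this client installing and
# calling home, the last two are benign look-alikes that must not fire.
SAMPLE_TELEMETRY = [
    r'REG  SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Java Update = "C:\Users\alice\AppData\Roaming\Java\Updater.exe"',
    r'PROC Create C:\Users\alice\AppData\Roaming\Java\Updater.exe ppid=4120',
    r'FILE Create C:\Users\alice\AppData\Roaming\Java\Logs\keylog.dat',
    r'SYNC CreateMutant \Sessions\1\BaseNamedObjects\d93e662e-a9de-4198-89ca-f18764fe29de',
    r'NET  Connect 10.0.0.5:49712 -> adequatelicensing.at:4040',
    r'DNS  Query api.ipify.org A',
    r'PROC Create C:\Program Files\Java\bin\java.exe ppid=812',
    r'REG  SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive = "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"',
]


if __name__ == "__main__":
    for key, value in expected_artifacts(QUASAR_CONFIG).items():
        print(f"expect {key}: {value}")
    for n, name, line in scan(SAMPLE_TELEMETRY):
        print(f"HIT line {n} [{name}] {line}")
```

The path rules deliberately anchor on the tail `\Java\Updater.exe` rather than the full path, so the benign `C:\Program Files\Java\bin\java.exe` does not fire while the same client dropped under a different profile or install root still does; the `reconnect_delay` of 1000 ms is the retry interval the client sleeps between connection attempts, which is the cadence to expect on the C2 connection if the host is blocked.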
