General

  • Target

    opera.exe

  • Size

    3.2MB

  • Sample

    230812-rc8djadh8z

  • MD5

    723af0cee59b3aa2616be8a41c79ac26

  • SHA1

    97d3cfefdd0a7a4b4ca713529b9aa8e8961789f3

  • SHA256

    9549b2f1437e603ae99ef0031ddce2f585910d3612b9fb6fd2549339f9be0d25

  • SHA512

    7c5e611156ff7f32a2c87025b915927bd7ffc43a27ec7b44df92d7aa749ee016249265d71cd677c65aea7fadd02c434481e2f77ca74191fea65439b878a69d40

  • SSDEEP

    49152:WHp592AYawl1WPOl6NVtRkJ0xESmcuh4arjioGdKYXTHHB72eh2NT:WHj92AYawl1WPOl6NVLkJ0xEb9h4a

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.0

  • Botnet

    Opera

  • C2

    4.tcp.eu.ngrok.io:19691

  • Mutex

    dbdeb9e2-1d62-453a-8c06-8a6bf4be3071

Attributes

  • encryption_key

    8A2A7B58F2803115FF796E733C7311493928333B

  • install_name

    launcher.exe

  • log_directory

    Opera Logs

  • reconnect_delay

    3000

  • startup_key

    Opera Launcher

  • subdirectory

    Opera Software

Targets

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT).

    • Quasar payload

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2