General

  • Target

    5FOV_No_Delay.rar

  • Size

    1.3MB

  • Sample

    230821-p4ybjach47

  • MD5

    c9c997723fdfd3d6a8c5ceb7760e12e6

  • SHA1

    6f7aa9f95ced9b6d504cbdd2eee4e3e0e25e0f77

  • SHA256

    8204706fb5a3a20570283d65b191c13d19fafe7e95caf4e642c0ab80a6e05419

  • SHA512

    ccc68f8d3478334d6bca18636ee3a3f8d423c070390698c71875ad0a8f8e8c0835e4eb87642f612ddf2495e261581c65f35f2a4138976a4a1135ec70b4df747d

  • SSDEEP

    24576:/KrIusGGC/NySlITIY0GM0JT5mYvcGKR4FZz40m0OXx0Xf4Qkk76lfuJKW:/Krx+kBG0YRM0JAYkGKR4FW0mDh0PXkI

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    5FOV_No_Delay

  • C2

    10.0.2.15:4782

  • Mutex

    3855a4de-fdf1-4ce7-8a15-60d9db39b127

Attributes

  • encryption_key

    1B54246BE5866DD85D5E2DCF192A40BF9215357D

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Google Chrome Update

  • subdirectory

    SubDir

Targets

    • Target

      5FOV No Delay/5FOV_No_Delay.exe

    • Size

      1.3MB

    • MD5

      847ad50bef0a4db9e12b35d682b916d2

    • SHA1

      6e1444da76eab5ff589988bad8d7feb3ddad339b

    • SHA256

      83eca531bc045bb8d908d3a5461efd7120d735c9aa5003ae594b9bbe70e87604

    • SHA512

      464f521a56d30c15e26af32815d4d99994651540e5f2835d1a1207087d4f026d457239b5745ab91da8ad2b7493305e43dfc235c8895ec1860334d6ac641082e8

    • SSDEEP

      24576:1fWaaBHA4KC1Qsx+9uAKgPOZjeWePI/bqx4eI93rVkeG6:1MBg1C1T+TKfZjeWeQWxA3ft

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks