Resubmissions

21/08/2023, 12:33

230821-prkjxacg64 10

21/08/2023, 12:28

230821-pnqazsee4z 6

General

  • Target

    4545.dll

  • Size

    627KB

  • Sample

    230821-prkjxacg64

  • MD5

    86efe486dedbca08d9ce8a0b4156b75b

  • SHA1

    4f977cef5183e3d325cd8f9bb245b7de0f288256

  • SHA256

    9b85fbfa3892a7a6deffba5d5bc5dd9c35ac6cb97a631752142faa0839423186

  • SHA512

    56ba499f7e9dddccb029337048713171bc47f9055de68bb4a734a617fc12bf1870326ab97c3838e6c16e809d1c38326a57585469f40843e6ed54d92b5f1cca76

  • SSDEEP

    12288:2TrZPDCk8aIcpSUM8IbLnFEeVJGAuG/g1ms5ULR:Ekk8av9IXFZoA9ghG

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

tt

C2

139.99.32.95:8888

Mutex

HppI5biWMFuomgcjmz

Attributes
  • encryption_key

    nzQ60hZEAGD2pwynMrhx

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      4545.dll

    • Size

      627KB

    • MD5

      86efe486dedbca08d9ce8a0b4156b75b

    • SHA1

      4f977cef5183e3d325cd8f9bb245b7de0f288256

    • SHA256

      9b85fbfa3892a7a6deffba5d5bc5dd9c35ac6cb97a631752142faa0839423186

    • SHA512

      56ba499f7e9dddccb029337048713171bc47f9055de68bb4a734a617fc12bf1870326ab97c3838e6c16e809d1c38326a57585469f40843e6ed54d92b5f1cca76

    • SSDEEP

      12288:2TrZPDCk8aIcpSUM8IbLnFEeVJGAuG/g1ms5ULR:Ekk8av9IXFZoA9ghG

    Score
    10/10
    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks