General

  • Target

    Client.exe

  • Size

    3.1MB

  • Sample

    231105-z1s8hscg3x

  • MD5

    1b9d131113ba317f61c680608d1f5044

  • SHA1

    3a6740e37ca55933bd2977f4a4e0223b4abe02ae

  • SHA256

    2c2352205f2ce5df483aadd89af9ed9750bb1df13b246906e92cf31101572537

  • SHA512

    6b7127d5e28e1a6661e5c84d473375ff4475d87225b331fbf2fd9252f57c7b611fd0accda7520812833fe996bf0001ed68c0d7c89946c31b06041a4c7f7b3193

  • SSDEEP

    49152:uviI22SsaNYfdPBldt698dBcjH3vRJ6sbR3LoGd9sTHHB72eh2NT:uvv22SsaNYfdPBldt6+dBcjH3vRJ62

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

tr2.localto.net:46564

Mutex

c47e2046-1058-430b-9398-803360379972

Attributes
  • encryption_key

    76663067AA8B43723242B084D486BDDB88B05879

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client.exe

    • Size

      3.1MB

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
