General

  • Target

    NEAS.308a412c956af7b492faa3d04d73de50.exe

  • Size

    3.1MB

  • Sample

    231106-crrxrshd65

  • MD5

    308a412c956af7b492faa3d04d73de50

  • SHA1

    2b5aa40bb2706851915b9fa80b5b6c27923f1f64

  • SHA256

    880e51da9ed94ba0cd1a24691edab9fd6d5d349bf90c950c4bb84b8d61fae53f

  • SHA512

    98894029171870a53d38835160213019f2319043abf8804204ce51cccde468fe89fea072343a20fce30535caae82db16975e314afa093c2e1d414e259ebe233b

  • SSDEEP

    98304:NIg8I9WtxU/Pom7ZlHMg8ISxoJXEUz0PqN:y6WtRoJX70PqN

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

zeroski.ink:4782

Mutex

745f5e57-61d0-4335-a97d-37d447eb583d

Attributes
  • encryption_key

    F48794CF898BB4C5B6223D4F472D7C5E4AD2EF9D

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
