General

  • Target

    2320-2-0x0000000001000000-0x00000000016A0000-memory.dmp

  • Size

    6.6MB

  • Sample

    231109-mgzvqsgg8s

  • MD5

    1da07aca3e56a6b348098c8cc9376ad5

  • SHA1

    0ec7242997de8ecf814d17a2b4700a14d56ea65f

  • SHA256

    c8f54b5d97391b05951382dffde7ef6c508f26342ad5f6256ed20836b8897191

  • SHA512

    012b9ab3c84c15c5eec75e888b03f173336de0c74dc215fb26597dba73628dae17d8dd6fcc84b640af8a9e3bc2838fdf4c1c53b2584c75e0bf4533f402acf5e8

  • SSDEEP

    98304:LvWL26AaNeWgPhlmVqkQ7XSKUv4q0argCWxzIy0cejphrreCEVe77z/Bvg:jG4SWHe/Ee11eCE8Pp

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

boogerbreath-59460.portmap.host:59460

Mutex

77fd1379-6dd2-4765-b853-6c99d9930f92

Attributes

  • encryption_key

    AA372A6B176F2D90F285D3A63B4330C0BE4BA34E

  • install_name

    Client.exe

  • log_directory

    Jqims81j8jewioJAIO

  • reconnect_delay

    1

  • startup_key

    services

  • subdirectory

    SubDir
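Every attribute in the extracted configuration maps to an artefact that a host or network hunt can look for. The block below is an added example by the editor, not part of the sandbox report or of the Quasar project. It copies the C2, mutex, install_name, subdirectory, startup_key and log_directory values from the config, derives case-insensitive indicators from them, and runs those over a small set of constructed Sysmon-style events. Two things it assumes rather than reads from the report: the install base folder (Quasar can install under AppData, Program Files or System32 and the dump does not say which), so only the SubDir\Client.exe tail is matched; and that startup_key serves both as the HKCU Run value name and as the scheduled-task name, the two persistence forms a Quasar client uses depending on whether it runs elevated.

```python
"""Hunting indicators derived from the extracted Quasar 1.4.1 config.

Added example by the editor; not part of the sandbox report or of the Quasar
project.  CONFIG values are copied from the "Malware Config" section above;
EVENTS are CONSTRUCTED to exercise the matching logic offline.
"""
import re

# Copied from the Malware Config section of this report.
CONFIG = {
    "c2": "boogerbreath-59460.portmap.host:59460",
    "mutex": "77fd1379-6dd2-4765-b853-6c99d9930f92",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "services",
    "log_directory": "Jqims81j8jewioJAIO",
}


def indicators(cfg):
    """Turn an extracted config into comparable, lower-cased indicators.

    ASSUMPTION (not in the report): the client installs as
    <base>\\<subdirectory>\\<install_name>; only the tail is matched because
    the dump does not say whether <base> is AppData, Program Files or
    System32.  startup_key is matched as an HKCU Run value name and as a
    schtasks task name (assumed Quasar persistence behaviour).
    """
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        "install_tail": ("\\" + cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        "run_value": cfg["startup_key"].lower(),
        "log_dir": cfg["log_directory"].lower(),
    }


# CONSTRUCTED Sysmon-shaped events (1 = process create, 3 = network
# connection, 11 = file create, 13 = registry value set).  The "mutex"
# entry stands in for a handle listing, since Sysmon does not log mutexes.
EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"id": 3, "Image": r"C:\Users\victim\AppData\Roaming\SubDir\Client.exe",
     "DestinationHostname": "BoogerBreath-59460.portmap.host",
     "DestinationPort": 59460},
    {"id": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.org", "DestinationPort": 443},
    {"id": 13, "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows"
                               r"\CurrentVersion\Run\services",
     "Details": r"C:\Users\victim\AppData\Roaming\SubDir\Client.exe"},
    {"id": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /tn "services" /sc ONLOGON '
                    r'/tr "C:\Users\victim\AppData\Roaming\SubDir\Client.exe" '
                    r'/rl HIGHEST /f'},
    {"id": 11, "TargetFilename": r"C:\Users\victim\AppData\Roaming"
                                 r"\Jqims81j8jewioJAIO\2023-11-09.html"},
    {"id": "mutex", "Name": r"\Sessions\1\BaseNamedObjects"
                            r"\77fd1379-6dd2-4765-b853-6c99d9930f92"},
]


def match(event, ind):
    """Return why an event matches the indicators, or None."""
    eid = event["id"]
    if eid == 3:
        if event["DestinationHostname"].lower() == ind["c2_host"]:
            return "c2 host"
        # The port alone is weak (portmap.host is a shared tunnelling
        # service), so it only counts together with the install path.
        if (event["DestinationPort"] == ind["c2_port"]
                and event["Image"].lower().endswith(ind["install_tail"])):
            return "c2 port from install path"
    elif eid == 13:
        if event["TargetObject"].lower().endswith("\\run\\" + ind["run_value"]):
            return "run value named startup_key"
    elif eid == 1:
        if event["Image"].lower().endswith(ind["install_tail"]):
            return "install path executed"
        cmd = event["CommandLine"]
        if "schtasks" in cmd.lower() and re.search(
                r'/tn\s+"?' + re.escape(ind["run_value"]) + r'"?(\s|$)', cmd, re.I):
            return "scheduled task named startup_key"
    elif eid == 11:
        if "\\" + ind["log_dir"] + "\\" in event["TargetFilename"].lower():
            return "log directory"
    elif eid == "mutex":
        if event["Name"].lower().endswith("\\" + ind["mutex"]):
            return "client mutex"
    return None


def hunt(events, ind):
    """Return (index, reason) for every event that matches."""
    hits = []
    for i, ev in enumerate(events):
        reason = match(ev, ind)
        if reason:
            hits.append((i, reason))
    return hits


if __name__ == "__main__":
    for i, reason in hunt(EVENTS, indicators(CONFIG)):
        print(f"event {i}: {reason}")
```

Run as-is, the two benign events (svchost and the browser connection to port 443) produce no hit, while the C2 connection, the Run value, the schtasks registration, the log directory write and the mutex each produce one. The mutex and encryption_key are the values worth pivoting on in memory: the mutex is what a handle listing or a memory scan will see, and the encryption_key is what an analyst needs to decrypt the settings of other builds from the same operator.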

Targets

    • Target

      2320-2-0x0000000001000000-0x00000000016A0000-memory.dmp

    • Quasar RAT

      Quasar is an open-source .NET Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
