General

  • Target

    Account Gen.zip

  • Size

    1.2MB

  • Sample

    231115-s3715ada6s

  • MD5

    384b49426968c43151f6721e55f72cb3

  • SHA1

    6b40377a02117f66138cfdb6252e63507c639184

  • SHA256

    2662a59faf074abd357ae710b362fc15ac13afa8b028f82852c7ddbe634366cc

  • SHA512

    1fc03eae22f67ee2c3628e492d81a35c5a53b29c250b1ec14520ceaae1651e2df85302abb114148bfac286c9852e45bed7e66184fbe3e479b88f2cb8b1286456

  • SSDEEP

    24576:94+5wmhcnpEpAidGFuy9idk3EIg/oSw+mJFgtZMqg+HeRbYZy3PUQynL:94N8cnpEqidGFX986/gc+oevfg+HeR0p

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

testrun.ddns.net:4782

Mutex

fd9b8a19-128c-46b0-894c-d756c440e4ce

Attributes
  • encryption_key

    1B16CA1138657AE4B0F5533A4344EDE1274EF9A6

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
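The extracted configuration above is directly usable for hunting: the C2 host and port, the mutex, the Run-key value name (`startup_key`) and the drop path tail (`subdirectory\install_name`) are all values the client reproduces on every infected host. The following Python is an added example, not part of the sandbox report or of Quasar itself; it turns the config into indicators, checks a file's digests against the hashes reported on this page, and runs the indicators over a constructed batch of endpoint events. The event schema (`dns`, `netconn`, `registry`, `mutex`, `file`) is invented for the demo, and the match on the drop path uses only the tail because the base folder Quasar installs into varies per build.

```python
import hashlib
import re

# Config values as extracted by the sandbox (Malware Config section above).
QUASAR_CONFIG = {
    "family": "quasar",
    "version": "1.4.1",
    "botnet": "Office04",
    "c2": ["testrun.ddns.net:4782"],
    "mutex": "fd9b8a19-128c-46b0-894c-d756c440e4ce",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Quasar Client Startup",
    "reconnect_delay": 3000,  # assumed milliseconds between reconnect attempts
}

# Digests reported for the archive and for the dropped AccountGenV2.exe.
KNOWN_HASHES = {
    "md5": {"384b49426968c43151f6721e55f72cb3", "b3d01e7505bc74ff5fe3407638da4242"},
    "sha1": {"6b40377a02117f66138cfdb6252e63507c639184",
             "6cc7bb4fc57fa861aaec61d472d3affa85293b26"},
    "sha256": {"2662a59faf074abd357ae710b362fc15ac13afa8b028f82852c7ddbe634366cc",
               "bfe73168debb53dae9f90c4b5dfbcf0508c83716a15cad7b634f868bbd0f6438"},
}


def parse_c2(entry):
    """Split 'host:port' into (host, port); the host is lower-cased for matching."""
    host, _, port = entry.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    return host.lower(), int(port)


def build_indicators(cfg):
    """Derive matchable indicators from the extracted config."""
    c2 = [parse_c2(e) for e in cfg["c2"]]
    return {
        "c2_hosts": {h for h, _ in c2},
        "c2_ports": {p for _, p in c2},
        "mutex": cfg["mutex"].lower(),
        "run_value": cfg["startup_key"].lower(),
        # Only the tail is matched: the base install folder differs per build.
        "drop_tail": (cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
    }


def file_hashes(data):
    """MD5/SHA1/SHA256 of a byte string, for comparison with the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data):
    """True if any digest of the bytes equals a hash listed in the report."""
    h = file_hashes(data)
    return any(h[algo] in KNOWN_HASHES[algo] for algo in KNOWN_HASHES)


def _norm_path(p):
    # Collapse forward/back slashes to a single backslash and lower-case.
    return re.sub(r"[\\/]+", "\\\\", p).lower()


def scan_events(events, ind):
    """Return (index, reason) for every event that hits an indicator."""
    hits = []
    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "dns" and ev["query"].lower() in ind["c2_hosts"]:
            hits.append((i, "dns lookup of C2 host"))
        elif kind == "netconn":
            if ev["dst_host"].lower() in ind["c2_hosts"]:
                hits.append((i, "connection to C2 host"))
            elif ev["dst_port"] in ind["c2_ports"]:
                hits.append((i, "connection to C2 port (host unknown, low confidence)"))
        elif (kind == "registry" and ev["value_name"].lower() == ind["run_value"]
              and _norm_path(ev["key"]).endswith("\\currentversion\\run")):
            hits.append((i, "Quasar persistence Run value"))
        elif kind == "mutex" and ev["name"].lower() == ind["mutex"]:
            hits.append((i, "Quasar mutex created"))
        elif kind == "file" and _norm_path(ev["path"]).endswith("\\" + ind["drop_tail"]):
            hits.append((i, "dropped client at configured install path"))
    return hits


# Constructed telemetry for the demo; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "testrun.ddns.net"},
    {"type": "netconn", "dst_host": "testrun.ddns.net", "dst_port": 4782},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Quasar Client Startup"},
    {"type": "mutex", "name": "FD9B8A19-128C-46B0-894C-D756C440E4CE"},
    {"type": "file", "path": r"C:\Windows\System32\SubDir\Client.exe"},
    {"type": "dns", "query": "update.microsoft.com"},
    {"type": "netconn", "dst_host": "10.0.0.5", "dst_port": 4782},
]

if __name__ == "__main__":
    ind = build_indicators(QUASAR_CONFIG)
    for i, why in scan_events(SAMPLE_EVENTS, ind):
        print(i, why, SAMPLE_EVENTS[i])
    print("known sample:", matches_known_sample(b"not the real sample"))
```

The port-only network match is deliberately reported as low confidence: 4782 is Quasar's default listener port, so it is a useful pivot, but a dynamic-DNS C2 can resolve to any address and other software may use the port. The mutex, the Run value name and the `SubDir\Client.exe` tail are the higher-fidelity signals here because they are compiled into this particular build.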

Targets

    • Target

      Account gen/AccountGenV2.exe

    • Size

      3.1MB

    • MD5

      b3d01e7505bc74ff5fe3407638da4242

    • SHA1

      6cc7bb4fc57fa861aaec61d472d3affa85293b26

    • SHA256

      bfe73168debb53dae9f90c4b5dfbcf0508c83716a15cad7b634f868bbd0f6438

    • SHA512

      7c676bcfdb61e89a1cbd53bfd1fa3e1b208d272a67b2017c03f5c7e805cc030ddf6d18d75b701161eaacb565d51fd01b5722d9e90856ba88812a6bf83f247ec6

    • SSDEEP

      49152:CvXI22SsaNYfdPBldt698dBcjHHmDJERH+k/OgVoGd1NTHHB72eh2NT:CvY22SsaNYfdPBldt6+dBcjHHmDlOF

    • Quasar RAT

      Quasar is an open-source .NET remote access tool (RAT) for Windows, widely repurposed by attackers.

    • Quasar payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks