General

  • Target

    Hydra.exe

  • Size

    3.1MB

  • Sample

    231117-3amvlafd45

  • MD5

    b84bc71ccbfd1c60ec80f46d4068f057

  • SHA1

    72ce9e07d5d8b5783c7a82ed217948c9d8f3c39f

  • SHA256

    89041e69e1148566c390112550065c36b795fe219ed47221c41810c5bb8b390c

  • SHA512

    390df52eb7f7264be584f7eea3b7d74a371036654acc232303ffa9717969d0c76d4d64f886932858b5053a899af4ef81d53036d582545fa640e733120a9c84a0

  • SSDEEP

    49152:evkt62XlaSFNWPjljiFa2RoUYIljwLEuU1k/yCLoGdcTHHB72eh2NT:ev462XlaSFNWPjljiFXRoUYI1w6M

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

quasardeez.ddns.net:4782

Mutex

10b0c070-9195-4332-883e-1686f4075485

Attributes
  • encryption_key

    828B07DBE7EF17F6F1013D02AA4C06E87BC2CE2E

  • install_name

    Hydra.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    scvhost

  • subdirectory

    SubDir

Targets

    • Target

      Hydra.exe

    • Size

      3.1MB

    • MD5

      b84bc71ccbfd1c60ec80f46d4068f057

    • SHA1

      72ce9e07d5d8b5783c7a82ed217948c9d8f3c39f

    • SHA256

      89041e69e1148566c390112550065c36b795fe219ed47221c41810c5bb8b390c

    • SHA512

      390df52eb7f7264be584f7eea3b7d74a371036654acc232303ffa9717969d0c76d4d64f886932858b5053a899af4ef81d53036d582545fa640e733120a9c84a0

    • SSDEEP

      49152:evkt62XlaSFNWPjljiFa2RoUYIljwLEuU1k/yCLoGdcTHHB72eh2NT:ev462XlaSFNWPjljiFXRoUYI1w6M

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks