General

  • Target

    explorer.exe

  • Size

    6.7MB

  • Sample

    231117-mw9cqagh29

  • MD5

    122dab9ce8c4dafdebadc3aff6ee4f23

  • SHA1

    2a5e8a942d49f1b278cdeb7d450bbbf46ead7eb3

  • SHA256

    1186dac5cf754305a3faf7a6a9fd3ab02f1eb8272e56e23ceddad9cdab50aa2a

  • SHA512

    8d304f1b020644fd3002cfb7cf40b432493eca80028b920a5af119d643ab170be4b5b62a4ff039c97ac2a322fa4e6e5e252e71214a05a4009bb37aaea633a1ad

  • SSDEEP

    196608:w5TWDyAAYG9xzHkkUo80YBgSEmmvz87okj:+cxPG9xAkJ80YBBIzO

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

45.32.119.154:4782

Mutex

54a78e9b-95fb-449b-9a22-c22b0cb9bedb

Attributes
  • encryption_key

    8D3F702A8D4FBFC89815720AB5EE7FFAA0B223D6

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Microsoft System Run

  • subdirectory

    SubDir
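The extracted configuration above is directly actionable: Quasar's persistence and file layout are driven by these same settings. The following script is an added example (not part of the sandbox report and not Quasar or Triage code) that turns the reported config into matchable host and network indicators and runs them over a constructed batch of telemetry events. It assumes Quasar's default install layout, `<base>\<subdirectory>\<install_name>` with a `Run` value named after `startup_key` and keylogger output under `%APPDATA%\<log_directory>`; the sample events, the user name `bob` and the path layout are constructed for the example.

```python
"""Derive indicators from the extracted Quasar config and scan sample telemetry.

Added example; the install layout below is assumed from Quasar's defaults
(install dir = <base>\<subdirectory>\<install_name>, Run value = startup_key,
logs under %APPDATA%\<log_directory>) and the telemetry is constructed.
"""
import hashlib
import ipaddress
import re

# Values copied from the "Malware Config" section of the report.
CONFIG = {
    "c2": "45.32.119.154:4782",
    "mutex": "54a78e9b-95fb-449b-9a22-c22b0cb9bedb",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Microsoft System Run",
    "log_directory": "Logs",
    "reconnect_delay_ms": 3000,
}
SAMPLE_SHA256 = "1186dac5cf754305a3faf7a6a9fd3ab02f1eb8272e56e23ceddad9cdab50aa2a"


def indicators(cfg):
    """Turn the config into concrete values and regexes that telemetry can be matched against."""
    host, port = cfg["c2"].rsplit(":", 1)
    ipaddress.ip_address(host)  # raises ValueError if the C2 is not a literal IP
    install_tail = rf"\\{re.escape(cfg['subdirectory'])}\\{re.escape(cfg['install_name'])}$"
    log_dir = rf"\\AppData\\Roaming\\{re.escape(cfg['log_directory'])}\\"  # assumed %APPDATA% layout
    return {
        "c2_host": host,
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        "run_value_name": cfg["startup_key"],
        "install_path_re": re.compile(install_tail, re.IGNORECASE),
        "log_dir_re": re.compile(log_dir, re.IGNORECASE),
    }


def match_event(ioc, ev):
    """Return the list of reasons a single telemetry event matches the indicators (empty if none)."""
    hits = []
    if ev["type"] == "registry":
        if ev["name"] == ioc["run_value_name"]:
            hits.append("Run value name matches startup_key")
        if ioc["install_path_re"].search(ev["data"]):
            hits.append("Run value data points at the Quasar install path")
    elif ev["type"] == "netconn":
        if ev["dst"] == ioc["c2_host"] and ev["dport"] == ioc["c2_port"]:
            hits.append("connection to configured C2")
        elif ev["dst"] == ioc["c2_host"]:
            hits.append("connection to C2 host on an unexpected port")
    elif ev["type"] == "mutex":
        if ev["name"].lower() == ioc["mutex"]:  # GUID mutex names may be logged in either case
            hits.append("Quasar mutex created")
    elif ev["type"] == "file":
        if ioc["install_path_re"].search(ev["path"]) or ioc["log_dir_re"].search(ev["path"]):
            hits.append("write to install or keylogger log directory")
    return hits


def scan(events, cfg=CONFIG):
    """Return (event, reasons) pairs for every event that matched at least one indicator."""
    ioc = indicators(cfg)
    return [(ev, hits) for ev in events if (hits := match_event(ioc, ev))]


def sha256_matches(data: bytes, expected: str = SAMPLE_SHA256) -> bool:
    """Check a retrieved file against the SHA256 reported for this sample."""
    return hashlib.sha256(data).hexdigest() == expected


# Constructed telemetry: four events that should match, three benign ones that should not.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_EVENTS = [
    {"type": "registry", "key": RUN_KEY, "name": "Microsoft System Run",
     "data": r"C:\Users\bob\AppData\Roaming\SubDir\Client.exe"},
    {"type": "registry", "key": RUN_KEY, "name": "OneDrive",
     "data": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "netconn", "dst": "45.32.119.154", "dport": 4782},
    {"type": "netconn", "dst": "142.250.80.46", "dport": 443},
    {"type": "mutex", "name": "54A78E9B-95FB-449B-9A22-C22B0CB9BEDB"},
    {"type": "file", "path": r"C:\Users\bob\AppData\Roaming\Logs\2023-11-17"},
    {"type": "file", "path": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for ev, reasons in scan(SAMPLE_EVENTS):
        print(ev["type"], "->", "; ".join(reasons))
```

The Run-key check fires on both the value name and the target path so that a renamed `startup_key` in a later build still trips the path match, and the `netconn` branch reports a host-only match separately, since the same C2 may be reached on a port other than the one in this config.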

Targets

    • Quasar RAT

      Quasar is an open-source .NET remote access tool.

    • Quasar payload

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15