General

  • Target

    RoseLauncher.exe

  • Size

    7.1MB

  • Sample

    231118-z9kyhaff85

  • MD5

    f196c0c3b9aa4b1b7012663da4b9f74f

  • SHA1

    422c25336627c469bdc381eff6e04e6d95249226

  • SHA256

    d976b04ab19eee9b799301d75411d6b7cbb81e4195e74e63e846f8a495ee794f

  • SHA512

    fec823afecf1504bcfd0ef3acd808c4045b1e0a1496417ba4eaf2c0ad19064109d65b8983b918c06c9654547ad175ba961a01fa5fa6bf77a4bbcc8e2972962b0

  • SSDEEP

    98304:IWTzHqdVfB2FS27wbyuT/9vUIdD9C+z3zO917vOTh+ezDNh7ovmJ1nmOBN9n4m93:IQQsQbT/9bvLz3S1bA3zNn97zJV

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

LaraLoveU-44526.portmap.host:44526

Mutex

QSR_MUTEX_FzYyCES1fI0geSNN76

Attributes

  • encryption_key

    BtlUgm9pRf1dn6UTZHHI

  • install_name

    RoseLauncherV3.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows HD Driver

  • subdirectory

    Windows

Targets

    • Target

      RoseLauncher.exe

    • Size

      7.1MB

    • MD5

      f196c0c3b9aa4b1b7012663da4b9f74f

    • SHA1

      422c25336627c469bdc381eff6e04e6d95249226

    • SHA256

      d976b04ab19eee9b799301d75411d6b7cbb81e4195e74e63e846f8a495ee794f

    • SHA512

      fec823afecf1504bcfd0ef3acd808c4045b1e0a1496417ba4eaf2c0ad19064109d65b8983b918c06c9654547ad175ba961a01fa5fa6bf77a4bbcc8e2972962b0

    • SSDEEP

      98304:IWTzHqdVfB2FS27wbyuT/9vUIdD9C+z3zO917vOTh+ezDNh7ovmJ1nmOBN9n4m93:IQQsQbT/9bvLz3S1bA3zNn97zJV

    • Quasar RAT

      Quasar is an open-source remote access tool (RAT) for Windows, written in C#.

    • Quasar payload

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Target

      �n����.pyc

    • Size

      1KB

    • MD5

      2518692fe3fe5c9e8df01ff7b62d6760

    • SHA1

      17f23028757ed2b58059e9277867f4205630539c

    • SHA256

      dc212ec0f7004931c1c7081134a2c0edd991db574f355846aaab425da425ee3a

    • SHA512

      cdb387e6efe4df90e46b3db97d75dac54d383106d24b97e1bd2b58423c7c47159937e2c33bfd73f972f6e2074edba9aa78491e2a4c5e11eeda35192f551bf881

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks