General

  • Target

    tmp

  • Size

    3.1MB

  • Sample

    231122-jcnp5aba23

  • MD5

    1335ea3b575ea12970ae595a60441d26

  • SHA1

    189ee218a95b4a8203f8edb63e50b16fb3a81000

  • SHA256

    58e825e9ba90117d194b592dca90ec50ca4cd171457b9afc69e210fd6e48bfe2

  • SHA512

    136275b1f517f8e0e957d9c643c3b8a7bc8329b97d183e6f88fab10270922ab93efbc850a26e81f227998e759ba9ba4b994de260de929d5515c2c5b7527806bf

  • SSDEEP

    49152:DvbI22SsaNYfdPBldt698dBcjHbswTbRvILoGd1ZTHHB72eh2NT:Dvk22SsaNYfdPBldt6+dBcjHbsw9m

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.109.1:1800

Mutex

551312a4-69e2-49ef-a9fc-324282122b52

Attributes
  • encryption_key

    2C8CD3E5B94023D4196F46D6FC4A100DF5B725FE

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

