General

  • Target

    FCane.exe

  • Size

    3.1MB

  • Sample

    231223-tsqvjabdb4

  • MD5

    5893b3ee001843389bdba2c1a6c37c28

  • SHA1

    8795835e38f4bf2cf552a79553f808a4f7c5566b

  • SHA256

    b2ae8c71e0a9040da348c8d3bf511343fc8c935336c79bb84c224ff8034d951d

  • SHA512

    b065d557ee22dc98da2a4b4e893d4f035ee94890dbfb784faad5e0559944028aed2bc786116133f0dfe4e7b898ffc90c691ecc32ad9ef62e2288067a1afd94aa

  • SSDEEP

    49152:6voG42pda6D+/PjlLOlg6yQipVMBj90FoGd0bTHHB72eh2NT:6vL42pda6D+/PjlLOlZyQipVMBj9o

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.107:4782

192.168.13.1:4782

192.168.8.101:4782

Mutex

77bd16cc-97f3-481a-986e-8bd149a8d5f3

Attributes
  • encryption_key

    AC8EF94E118CC869E2CB79A1654959B8D156342E

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
