General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    231227-2sfcsshchk

  • MD5

    82dafc7a902d60421957561baf7e6397

  • SHA1

    9e3cae5d8f4d51866389787f0cb6989ccc068001

  • SHA256

    37d30f9f28f61ffeb1a8f041167966dc075c62b123d832e738548cd4909d54fd

  • SHA512

    cce55b18f49176733d7064ba5a3528c1588b4eb1b3b5fb8b19dd2c86e05dc18a1a1bc2354733a105e7c11fed61961dfb90917e1fc172bf86b436ee90e9ede1db

  • SSDEEP

    49152:PvoA62jiaQDKwPFlJn3xFQsZQONie2EGaSk/uh5oGdiQ9THHB72eh2NT:Pv562jiaQDKwPFlJn3TQsZQONieGfy

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.178.197:4782 (RFC 1918 private address on Quasar's default port 4782; the client can only reach this C2 on the builder's own LAN, so the sample is most likely a test or lab build)

Mutex

773205e2-ac0d-48ce-a795-b7aae050cb04

Attributes
  • encryption_key

    C386CCE5ECD7D474E230DC2237D09BEA11EC9EB8

  • install_name

    RtkAudUService64.exe

  • log_directory

    Logs

  • reconnect_delay

3000 (milliseconds between reconnect attempts)

  • startup_key

    Realtek HD Audio Universal Service

  • subdirectory

    Realtek HD Audio Universal Service
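The extracted configuration hands a defender four host-side artifacts: the Run-key value name (startup_key), the dropped binary name (install_name) inside the config subdirectory, the mutex, and the C2 socket. Note that install_name, startup_key and subdirectory all imitate Realtek's real audio service, whose binary is also called RtkAudUService64.exe, so the useful distinction is the directory the file runs from, not the name. The following script is an added example, not part of the Triage report or of Quasar itself: it turns the config above into hunting checks and runs them over a constructed host snapshot. The path of the genuine Realtek binary, the AppData install directory and all host records are assumptions made for the example.

```python
"""Hunt a host snapshot for the artifacts implied by the extracted Quasar config."""
import ipaddress
import ntpath

# Values copied from the "Extracted" section of the report above.
QUASAR_CONFIG = {
    "c2": "192.168.178.197:4782",
    "mutex": "773205e2-ac0d-48ce-a795-b7aae050cb04",
    "install_name": "RtkAudUService64.exe",
    "startup_key": "Realtek HD Audio Universal Service",
    "subdirectory": "Realtek HD Audio Universal Service",
}

# Assumption, not from the report: where the genuine Realtek service binary lives.
LEGIT_REALTEK_DIR = r"C:\Program Files\Realtek\Audio\HDA"


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' into (host, port); rpartition tolerates IPv6 literals."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def c2_is_private(c2: str) -> bool:
    """True when the C2 is a private/loopback/link-local IP, i.e. unreachable
    from the internet and only meaningful inside the builder's own network."""
    host, _ = parse_c2(c2)
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname rather than an IP literal
        return False


def _norm(path: str) -> str:
    return ntpath.normpath(path).lower()


def _command_image(command: str) -> str:
    """Return the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def hunt(config: dict, host: dict) -> list[str]:
    """Return one finding per config artifact observed in the host snapshot."""
    findings = []
    c2_host, c2_port = parse_c2(config["c2"])
    install = config["install_name"].lower()

    # 1. Run-key persistence: value name equals startup_key, or command launches install_name.
    for name, command in host.get("run_keys", {}).items():
        if name == config["startup_key"]:
            findings.append(f"run key '{name}' matches startup_key")
        elif ntpath.basename(_norm(_command_image(command))) == install:
            findings.append(f"run key '{name}' launches {config['install_name']}")

    # 2. Mutex created by the running client.
    if config["mutex"] in host.get("mutexes", []):
        findings.append(f"mutex {config['mutex']} present")

    # 3. Masquerading: right file name, but not in the genuine Realtek directory.
    for image in host.get("processes", []):
        n = _norm(image)
        if ntpath.basename(n) == install and ntpath.dirname(n) != _norm(LEGIT_REALTEK_DIR):
            in_subdir = ntpath.basename(ntpath.dirname(n)) == config["subdirectory"].lower()
            where = "config subdirectory" if in_subdir else "unexpected directory"
            findings.append(f"{config['install_name']} running from unexpected path {image} ({where})")

    # 4. Outbound connection to the configured C2 socket.
    for remote in host.get("connections", []):
        h, p = parse_c2(remote)
        if h == c2_host and p == c2_port:
            findings.append(f"connection to C2 {remote}")
    return findings


# Constructed host snapshot (not real telemetry) showing an infected machine.
INFECTED_HOST = {
    "run_keys": {
        "Realtek HD Audio Universal Service":
            r'"C:\Users\bob\AppData\Roaming\Realtek HD Audio Universal Service\RtkAudUService64.exe"',
        "OneDrive": r'"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    },
    "mutexes": ["773205e2-ac0d-48ce-a795-b7aae050cb04", "Local\\SM0:1234:168:WilStaging_02"],
    "processes": [
        r"C:\Users\bob\AppData\Roaming\Realtek HD Audio Universal Service\RtkAudUService64.exe",
        r"C:\Program Files\Realtek\Audio\HDA\RtkAudUService64.exe",
    ],
    "connections": ["192.168.178.197:4782", "40.99.12.1:443"],
}

# Constructed clean host: only the genuine Realtek service is present.
CLEAN_HOST = {
    "run_keys": {"OneDrive": r'"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    "mutexes": [],
    "processes": [r"C:\Program Files\Realtek\Audio\HDA\RtkAudUService64.exe"],
    "connections": ["40.99.12.1:443"],
}

if __name__ == "__main__":
    print("private C2:", c2_is_private(QUASAR_CONFIG["c2"]))
    for line in hunt(QUASAR_CONFIG, INFECTED_HOST):
        print(" -", line)
```

Because the genuine Realtek binary is whitelisted by directory rather than by name, the clean host produces no findings while the infected host yields one finding per artifact class. On real telemetry the snapshot would come from the Run keys under HKCU/HKLM, a handle enumeration for the mutex, process image paths and netstat output.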

Targets

    • Target

      Client-built.exe

    • Quasar RAT

Quasar is an open-source .NET remote access tool (RAT) for Windows; its client is built from a configurable template, which is why the settings above could be extracted from the binary.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks