General

  • Target: winapp.exe
  • Size: 3.1MB
  • Sample: 231227-vqak7saacr
  • MD5: d392cdbed5244c1fbd5b46d63dd519bc
  • SHA1: 3811346ed1ef2b549e10e75d508f411b7a1e9d6a
  • SHA256: 9724121bb6285ee007ee656a20a13cdd111a01fac23d1596a7e6b5e9a6a4cf44
  • SHA512: 4378130941bde8fcb009f42fd4addcc70b2f90a9cfa51c08fc00c1c8c307f51c4a62f0c66d996eb8a612d44792958a83d269db34eed9c5e542b1dc505c0f3f50
  • SSDEEP: 49152:QvVt62XlaSFNWPjljiFa2RoUYIOjmUmzhSoGdVTHHB72eh2NT:Qvn62XlaSFNWPjljiFXRoUYIOjm2

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: 192.168.68.121:4782
  • Mutex: 07c71602-ed7d-4d72-a4a1-2367e3b4adbd

Attributes

  • encryption_key: C18D6F8157BC560BD6BBE10D32A41FE809451B75
  • install_name: winapp.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: winapp
  • subdirectory: WinApp

Targets

    • Target: winapp.exe

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT).

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks