General

  • Target

    12332e311cefd7bc4b016ab51b885c7a

  • Size

    1.0MB

  • Sample

    231230-jch5msdfg6

  • MD5

    12332e311cefd7bc4b016ab51b885c7a

  • SHA1

    bc6e892c3c381b9155d9a6b28f31bfa1235c061d

  • SHA256

    67860b6c376983094f49a5a09dcaae107c693a2cdfbd203065ca2415a32f11cb

  • SHA512

    c75bd668bd4c842eef944d4e49c1675a6bbdb003b4cfb79832de4140f4c18c51d9b9b60db07262b96ceac140100724bf7f36ef1a1639afa8e1bd616cb2524ffe

  • SSDEEP

    12288:kARNJ6j3LBFsSfNJwZH3Uw2oQb+9BXNwQlsljyFVRelCuXjV+apo+gO0aoUWqnDF:bLJ+FFsSFJg9LuuqnDonB1e

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.3.0.0

  • Botnet

    Office04

  • C2

    10.8.31.138:28394

  • Mutex

    QSR_MUTEX_8o3qZGCFefA40MAkOh

Attributes

  • encryption_key

    Gmm1w4utIxJXOFfCOJbk

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      12332e311cefd7bc4b016ab51b885c7a

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks