General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    231231-3ycdrsahh4

  • MD5

    116a6e0ec7a9d2923e91031c299cae04

  • SHA1

    abd8d030900d2a2065407881d209bfd9155ceda1

  • SHA256

    2161ac1f32f0aeb9b968e28924c52a5c77b06197275266fb7fcc7242523d614e

  • SHA512

    4a6ef9a62e32d7142022ed0047c6a36d1398925ee6280ff029693f1e65f4a19b263637c9a1f8086ceaece428a300cc391ef42ef98d9172405b74c005d1febc8c

  • SSDEEP

    49152:rvaI22SsaNYfdPBldt698dBcjHxaHKZzhBvJaIoGdoTHHB72eh2NT:rvX22SsaNYfdPBldt6+dBcjHVhR

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

147.185.221.17:56251

Mutex

c181eaca-58fb-484b-ba93-7a421f1c73df

Attributes
  • encryption_key

    FA61BB391485391FC63D1BCC330AC41C5A430E22

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    2000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
