General

  • Target

    2024-01-01_862a7ef9e5d955ccc15d71090c6c569a_icedid_xrat

  • Size

    4.7MB

  • Sample

    240105-gf4jmsdfa3

  • MD5

    862a7ef9e5d955ccc15d71090c6c569a

  • SHA1

    3b9de7471f2fada3aa316ff781bd55b15f74d12b

  • SHA256

    84d49466f2599b3ecc7cb706a04ae6924532b046fb9056e74fafddf6e332eea2

  • SHA512

    5949c4b7f0ae3a9348a614e16cdf209051f08f97a8c98229adaef49cc2aa6f023c2f267748ff26cfe9b5221f579d1e39c19fd27551461875ba4b520b2f122aa3

  • SSDEEP

    98304:gzwnGx9It5vH22SsaNYfdPBldt6+dBcjHk/bz0IbzZpIbzZY:SwY7jsbznAK

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

frp.deitie.asia:5555

Mutex

b827dda2-f30e-4465-be3c-2f1d6a93d4a7

Attributes
  • encryption_key

    465C04B3B0E08D663A071A4F330370E7A7DAD7A4

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      2024-01-01_862a7ef9e5d955ccc15d71090c6c569a_icedid_xrat

    • Size

      4.7MB

    • MD5

      862a7ef9e5d955ccc15d71090c6c569a

    • SHA1

      3b9de7471f2fada3aa316ff781bd55b15f74d12b

    • SHA256

      84d49466f2599b3ecc7cb706a04ae6924532b046fb9056e74fafddf6e332eea2

    • SHA512

      5949c4b7f0ae3a9348a614e16cdf209051f08f97a8c98229adaef49cc2aa6f023c2f267748ff26cfe9b5221f579d1e39c19fd27551461875ba4b520b2f122aa3

    • SSDEEP

      98304:gzwnGx9It5vH22SsaNYfdPBldt6+dBcjHk/bz0IbzZpIbzZY:SwY7jsbznAK

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks