General

  • Target

    acd6a1d56e317e7b5a69567f37eb669a7f7f34afcd37d6e42f14f52e970c6c4c

  • Size

    1.3MB

  • Sample

    240106-b7qtzaedck

  • MD5

    9618ca6b1d92c21bc34e8eb244f2dc71

  • SHA1

    77c0123220f2133e5d857d181bec20f1e34669c5

  • SHA256

    acd6a1d56e317e7b5a69567f37eb669a7f7f34afcd37d6e42f14f52e970c6c4c

  • SHA512

    c8da36836932cf396b8671cc4ce0433f1065c8036c47056046cb74311afabbc1c7426c5a89d72f31ba17b1a7f54e0d0aadedb175b6bb36515b6a83b218f3322d

  • SSDEEP

    24576:yhvJVJdMf0653D7jilY6MkfT8BUIPZ1TD3XjfmWlI8lWlHrix:C3ds7jilYLUTIUI5Iy6Hm

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.0.0.245:4782

192.168.56.1:4782

99.247.192.130:4782

Mutex

29fd0c6e-f22f-4381-839b-448094501b48

Attributes
  • encryption_key

    5C428187ECC1B4E662FECE9D197F4BA9623ED285

  • install_name

    System.exe

  • log_directory

    System Logs

  • reconnect_delay

    2000

  • startup_key

    System

  • subdirectory

    SubDir

Targets

    • Target

      acd6a1d56e317e7b5a69567f37eb669a7f7f34afcd37d6e42f14f52e970c6c4c

    • Size

      1.3MB

    • MD5

      9618ca6b1d92c21bc34e8eb244f2dc71

    • SHA1

      77c0123220f2133e5d857d181bec20f1e34669c5

    • SHA256

      acd6a1d56e317e7b5a69567f37eb669a7f7f34afcd37d6e42f14f52e970c6c4c

    • SHA512

      c8da36836932cf396b8671cc4ce0433f1065c8036c47056046cb74311afabbc1c7426c5a89d72f31ba17b1a7f54e0d0aadedb175b6bb36515b6a83b218f3322d

    • SSDEEP

      24576:yhvJVJdMf0653D7jilY6MkfT8BUIPZ1TD3XjfmWlI8lWlHrix:C3ds7jilYLUTIUI5Iy6Hm

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks