General

  • Target

    Client.exe

  • Size

    1.2MB

  • Sample

    240201-plwd8adcc4

  • MD5

    e0578185ba00836f1971e48cf4da4580

  • SHA1

    42a4e35d4aab1d8cca6459a808573927cb4e18c7

  • SHA256

    6e7f1b5bd5b7696ef942013c9d8151420dd29849514be091b43b1fcb9a193d73

  • SHA512

    399ed216148ec9ec1c7aef1af0298abd3ffbeba73105ea398dc294370d25c57909e59563083a79a511732c0b8381ad19c551c0f3c1eb9b104b5c3e229c9c6775

  • SSDEEP

    24576:WBY9DN/ISlbnyr+rCy/++9vFgWZiA+8qIElcP25WwjorMjTXqxjfxl:WgDfmrEdS1iEmrGgd

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

nulled

C2

147.50.240.233:8008

Mutex

QSR_MUTEX_vjlanSKDAVykDAvDJ6

Attributes

  • encryption_key

    d4qN0cIZpTNNR0XsDxxy

  • install_name

    thick.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    updates

  • subdirectory

    SubDir

Targets

    • Target

      Client.exe


    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053): 1

  • Persistence

    Scheduled Task/Job (T1053): 1

  • Privilege Escalation

    Scheduled Task/Job (T1053): 1

Tasks