Overview

overview

10

Static

static

10

test.exe

windows7-x64

10

test.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    test.exe

  • Size

    3.3MB

  • Sample

    240218-rwvxjsbf65

  • MD5

    fbeec3a99ddfa31e7aac9b09f4ca8158

  • SHA1

    2b66e39b1e98320db37578a317021f870a39302b

  • SHA256

    6aada60dd11d7a1157b24ccffa3d6ef2b5200487779ea648c36a92ffdba93af8

  • SHA512

    62bc3ee9f312d341116c37c8c0e781896699aa598e7904c2eb6fe5374aa17eda77fa053346e9909bf5677b4ccd59e7ea8e6d4ac5c637f434532abd040f24f88d

  • SSDEEP

    49152:KvyI22SsaNYfdPBldt698dBcjHdffaBxtFoGdKTHHB72eh2NT:Kvf22SsaNYfdPBldt6+dBcjHRfK

Score
10/10
parallaxquasaroffice04ratspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.220:1234

Mutex

1086eee1-251e-49e1-b643-b2a2bc0e42ea

Attributes
  • encryption_key

    A0937AB413B78114B0DA85D9EA95BA3AF9187438

  • install_name

    Updater.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Application Frame Handler

  • subdirectory

    Security

Targets

    • Target

      test.exe

    • Size

      3.3MB

    • MD5

      fbeec3a99ddfa31e7aac9b09f4ca8158

    • SHA1

      2b66e39b1e98320db37578a317021f870a39302b

    • SHA256

      6aada60dd11d7a1157b24ccffa3d6ef2b5200487779ea648c36a92ffdba93af8

    • SHA512

      62bc3ee9f312d341116c37c8c0e781896699aa598e7904c2eb6fe5374aa17eda77fa053346e9909bf5677b4ccd59e7ea8e6d4ac5c637f434532abd040f24f88d

    • SSDEEP

      49152:KvyI22SsaNYfdPBldt698dBcjHdffaBxtFoGdKTHHB72eh2NT:Kvf22SsaNYfdPBldt6+dBcjHRfK

    Score
    10/10
    parallaxquasaroffice04ratspywaretrojan

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

      ratparallax

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks