Overview

overview

10

Static

static

3

Client-bui...ub.exe

windows7-x64

10

Client-bui...ub.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built-stub-fub.exe

  • Size

    3.2MB

  • Sample

    240307-2m2nvagb67

  • MD5

    9f12e3815f269826203a1baae1761698

  • SHA1

    a6f1047279952df4f0c4b0f15fbef84d2a8ef2f5

  • SHA256

    fbe5f5d43d9c6631ff75557f9eec341c15b58cac301de3b573bc1913a4daa3e0

  • SHA512

    1c086a83fa969bacadef854eaddc6ad72f51abb1536a27af5c89604df3cc9641765cbd4d5bb6144956b07d0a8fd8fd3318665e6185b69d80235fdbc92d0f960d

  • SSDEEP

    49152:St+NHEEtT54YyDAP4m2w99yvHT+8sVEDjP+IMh2d8KdZOQra3txClJHgo4jL4/jL:cbEt9HnEo9U+KjPe0d/dcTHmtx4j6jL

Score
10/10
quasardefaultspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Default

C2

dksj.wi-fi.rip:4782

Mutex

f62fc232-4c6c-47fc-9704-2111bc364f22

Attributes
  • encryption_key

    E883FEA800A47B3B853A04DDCD0D162E782B41B7

  • install_name

    Client.exe

  • log_directory

    fdgdg

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built-stub-fub.exe

    • Size

      3.2MB

    • MD5

      9f12e3815f269826203a1baae1761698

    • SHA1

      a6f1047279952df4f0c4b0f15fbef84d2a8ef2f5

    • SHA256

      fbe5f5d43d9c6631ff75557f9eec341c15b58cac301de3b573bc1913a4daa3e0

    • SHA512

      1c086a83fa969bacadef854eaddc6ad72f51abb1536a27af5c89604df3cc9641765cbd4d5bb6144956b07d0a8fd8fd3318665e6185b69d80235fdbc92d0f960d

    • SSDEEP

      49152:St+NHEEtT54YyDAP4m2w99yvHT+8sVEDjP+IMh2d8KdZOQra3txClJHgo4jL4/jL:cbEt9HnEo9U+KjPe0d/dcTHmtx4j6jL

    Score
    10/10
    quasardefaultspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks