General

  • Target

    qsr.exe

  • Size

    3.1MB

  • Sample

    240312-e5g1tsge4x

  • MD5

    ac7b7f68066cbc718aa2a67f10de5efb

  • SHA1

    4707a795092858e307d628e51504e06543f9e43b

  • SHA256

    0ff20c4d06d7f5d2a258515572f7fc1c9e25580b44e4e6469444bd0adffa142a

  • SHA512

    0016adeffb28c687a11588aa3b002080b0ff9e7f575df358f4ef1a162de1845f14190de5cd948c829b86762c3d81a7802ed1f02af3646313e832cea82ed85884

  • SSDEEP

    49152:CvfI22SsaNYfdPBldt698dBcjH2CD1JuLoGdNTHHB72eh2NT:Cvw22SsaNYfdPBldt6+dBcjH2C0

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

faggot04

C2

192.168.1.1:4782

Mutex

35d8d0ac-1d82-4d57-b8b2-283b0f5da10a

Attributes
  • encryption_key

    31FA6EEF03F17469692032E8114E0AE50F34D046

  • install_name

    Client.exe

  • log_directory

    Program Files (x64)

  • reconnect_delay

    3000

  • startup_key

    Update

  • subdirectory

    SubDir

Targets

    • Target

      qsr.exe

    • Size

      3.1MB

    • MD5

      ac7b7f68066cbc718aa2a67f10de5efb

    • SHA1

      4707a795092858e307d628e51504e06543f9e43b

    • SHA256

      0ff20c4d06d7f5d2a258515572f7fc1c9e25580b44e4e6469444bd0adffa142a

    • SHA512

      0016adeffb28c687a11588aa3b002080b0ff9e7f575df358f4ef1a162de1845f14190de5cd948c829b86762c3d81a7802ed1f02af3646313e832cea82ed85884

    • SSDEEP

      49152:CvfI22SsaNYfdPBldt698dBcjH2CD1JuLoGdNTHHB72eh2NT:Cvw22SsaNYfdPBldt6+dBcjH2C0

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks