General

  • Target

    c4ce370872ed6186d6a00aabb37e59936ea264bd5ee7e61bc366aa5fbbfc8cf4

  • Size

    3.2MB

  • Sample

    240313-dhxmbsbc71

  • MD5

    5d04c84add433ddf601ff9de6862d9bf

  • SHA1

    32e33e2ed46bff117148f21f038b98b462a8fca6

  • SHA256

    c4ce370872ed6186d6a00aabb37e59936ea264bd5ee7e61bc366aa5fbbfc8cf4

  • SHA512

    4fd86b27d75e06900b2b06c772fb3ba1236e39d4c99bf07b21c9fb5545dcd1554e7dc476faf7a5e4e94063d9cb9a8365286a4c553ebc1cddca39580b285be9a0

  • SSDEEP

    49152:QvBt62XlaSFNWPjljiFa2RoUYIJIRJ6MbR3LoGd4CTHHB72eh2NT:Qvr62XlaSFNWPjljiFXRoUYIJIRJ6WI

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

paras

C2

myhost567098.ddns.net:4782

Mutex

ed3740ef-5b56-4c1b-b8e8-4869a98d9df2

Attributes

  • encryption_key

    DF1B77D370240560AD7587D3FEFAC938EF88DB93

  • install_name

    gta 6.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    gta update

  • subdirectory

    game

Targets

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT).

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Drops file in System32 directory
