General

  • Target

    b71bf7eef397522a3ca415fd83c0c393e328eaf5c61edf622289cfc5c2b4f6dd

  • Size

    10.7MB

  • Sample

    240313-y2f4xahe56

  • MD5

    8634d93ae4d9e6a763b3fe9d140d820e

  • SHA1

    1c95c71759a567de680b1297c8246d9bfdd2b5eb

  • SHA256

    b71bf7eef397522a3ca415fd83c0c393e328eaf5c61edf622289cfc5c2b4f6dd

  • SHA512

    7466e9aba04c00150b0c3fef0a4523b31b744f844eaef11b153d970324cd6c23be114d4a553bf95ba035cfef74fc2319e73f5fda433a7cc178b7cc223992b5f3

  • SSDEEP

    196608:LjFFiW2UScT5iw+iwlDXIIwQAlNTyCxI5lIBbNy4AGyqrkE8vdkTnldj0I2b:399iw+iwlTyRG5Kz1AG60HQLb

Score
10/10

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      Loader/Loader.bat

    • Size

      15.5MB

    • MD5

      93541c36ee40795ccc189fb022516b54

    • SHA1

      e5e6bdbd95f51cbfc6517ac23c82b78692070adf

    • SHA256

      003e0a11bab9bfd3ddf52b2accc22b49e63840f3c87d159ab40a643a2924d2bb

    • SHA512

      2f97eac0aadff823d43252eafaf424aa254765b929c27e7e4f98a842878ae19957cfa12b41d15a06b0101b2ed475e616b648428e8e8a1401f6ccbfc221e3eac2

    • SSDEEP

      49152:lCMYz+PxQXhhrdeSscl/8fV2zPUyZQQMjYyVAOXm2qSFSNDgrcg5RwoPP6zKu7zl:A

    Score
    10/10
    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE
