General

  • Target

    Loader.bat

  • Size

    15.5MB

  • Sample

    240315-pzwbdaaf69

  • MD5

    93541c36ee40795ccc189fb022516b54

  • SHA1

    e5e6bdbd95f51cbfc6517ac23c82b78692070adf

  • SHA256

    003e0a11bab9bfd3ddf52b2accc22b49e63840f3c87d159ab40a643a2924d2bb

  • SHA512

    2f97eac0aadff823d43252eafaf424aa254765b929c27e7e4f98a842878ae19957cfa12b41d15a06b0101b2ed475e616b648428e8e8a1401f6ccbfc221e3eac2

  • SSDEEP

    49152:lCMYz+PxQXhhrdeSscl/8fV2zPUyZQQMjYyVAOXm2qSFSNDgrcg5RwoPP6zKu7zl:A

Score
10/10

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      Loader.bat

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE
