General

  • Target

    SystemRuntime.bat

  • Size

    15.5MB

  • Sample

    240316-gccxhseh63

  • MD5

    71fb234791103f1c47b27efc369b82c8

  • SHA1

    15ee42f10a21f2342bd5a80897742ef43b687887

  • SHA256

    41b318509fdfec9aa9585c42d3d4dc0084eaa3aeaf6e15e3f2a628299d671ea4

  • SHA512

    3bcdb0283c118b62ba7f933d3a47433bb82b4a4253ffad2e27733b931bbe4e69699496d6db224464802e35af16378cc04d10013d16b06ecbbad07261e69e7084

  • SSDEEP

    49152:tt6p7ZUTeFu1kTcH7S8vdNmfnfpiL+LStD7P4+jIk2Pa7iFtsjgqBhLwREQrtbtc:J

Score
10/10

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      SystemRuntime.bat

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE
