Overview

overview

10

Static

static

3

blud.exe

windows7-x64

10

blud.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    blud.exe

  • Size

    3.1MB

  • Sample

    240316-phjk9ach36

  • MD5

    55306c52f9ed7365e9938c40af08496e

  • SHA1

    cc914160a9f4a5496654c0486d66e0943c052d7b

  • SHA256

    d90addee4f27e9c4ecee68ef64f57a731884d0b0da84dfc3049e3ab930a09673

  • SHA512

    6744dcd73ec7fbd9d34ea406f6d86092eae06ad9c13b32e5eb79b2c61436c62177e3dc5adacdf2ab96ffbf6be3a0d6b9ff67437eafc054c72b55f4c61a60dc13

  • SSDEEP

    49152:eb48V3wLBdGPpeKdWn96t19Lz4OPByg4W7N5chyiY5Od7lK:eb48V3odG8qmY76OPBN4WrcEfi0

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

authapi-41985.portmap.host:41985

Mutex

50fd280e-bda2-413a-9ebd-86236f4b0beb

Attributes
  • encryption_key

    E429F24E279E8B25742D0F5347151B0F90D031CA

  • install_name

    system.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    system

  • subdirectory

    SubDir

Targets

    • Target

      blud.exe

    • Size

      3.1MB

    • MD5

      55306c52f9ed7365e9938c40af08496e

    • SHA1

      cc914160a9f4a5496654c0486d66e0943c052d7b

    • SHA256

      d90addee4f27e9c4ecee68ef64f57a731884d0b0da84dfc3049e3ab930a09673

    • SHA512

      6744dcd73ec7fbd9d34ea406f6d86092eae06ad9c13b32e5eb79b2c61436c62177e3dc5adacdf2ab96ffbf6be3a0d6b9ff67437eafc054c72b55f4c61a60dc13

    • SSDEEP

      49152:eb48V3wLBdGPpeKdWn96t19Lz4OPByg4W7N5chyiY5Od7lK:eb48V3odG8qmY76OPBN4WrcEfi0

    Score
    10/10
    quasaroffice04spywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks