General

  • Target

    vanta_cheats.exe

  • Size

    3.1MB

  • Sample

    240316-vp2y3afc3s

  • MD5

    c54044566c3352b28327ddc294695ab5

  • SHA1

    a89732e18c53ef1659a898b6fac49c24294b6c14

  • SHA256

    8d0e093031c670b3ee069bbecc4960d21cbb87f26ed88c555ab171223321ba3e

  • SHA512

    44b4c243bc6e07495ad4929ea5e9abebd17393d4d2f84d9525ab8df9c5f69418bb917b2aa6581bdeddab5e4af194436fbb0eb6a59d0de446bbe43a76ae5c3de4

  • SSDEEP

    98304:GgDl7C18IJXKLUbdgPNBnBt+O2dvdK0UaP+1:GgDlu18IJXZbd67BYO2dEaY

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

CC

C2

shipping-this.gl.at.ply.gg:65482

Mutex

be7c8be5-1c90-4041-93b3-9ed6c07a5447

Attributes
  • encryption_key

    8EC72619299BC687C66FCFA592B13A27DAF9DC23

  • install_name

    Vanta_slotted.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Edge

  • subdirectory

    SubDir

Targets

    • Target

      vanta_cheats.exe

    Score
    10/10
    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
