General

  • Target

    client.exe

  • Size

    3.1MB

  • Sample

    240317-c4tbcsch6v

  • MD5

    e17bfe5bcf6c7d02d7390979ef14c56f

  • SHA1

    4138484b1a87ee0c274c9caa44f59b519c2318b5

  • SHA256

    c2357eacdf6eb12b6193620c41f16df0371b4b584c9a5b9284ecc49525b02714

  • SHA512

    b8031016874a188ef398afc7143796bc3758d6ebdbafb157bb391c9a2e3d21905918276a6ef84317ff06cb5dd7ba569c156cc8da67fef8c6e46a949c1151cdd8

  • SSDEEP

    49152:PvCI22SsaNYfdPBldt698dBcjHb9Sk1J/hoGdRcTHHB72eh2NT:PvP22SsaNYfdPBldt6+dBcjHb9S+

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

imranRAT

C2

68.225.240.203:443

Mutex

9dc62ac4-7471-4057-b5f1-212eabe56136

Attributes
  • encryption_key

    D3B83A9986DADD4016C9CCF1608F57293E9C0E2B

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    2999

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
