General

  • Target

    setup (1).bat

  • Size

    14KB

  • Sample

    240317-cg6m6sbh52

  • MD5

    2c0ee080298d0de1320e6e7eda4ca39b

  • SHA1

    edd03f96d4f4277a24e541376fdddf43439b4a99

  • SHA256

    7e81cadeef133c8230dbe26f95a66d3b47cead73ba1e37170ac95869abe17f8e

  • SHA512

    ffdfd43eb46107be849d3e1938d1db0be87d27700799a9f31527b512abaca615241c6ee2d6358061d5ea133233aa0edda9908091419c024977b25365064d9e64

  • SSDEEP

    192:HbKSAmk7b/FQASmmZrQCgljChA4DW0JyquFnpUoH:H28k7b/hkQCgljwAEbyvFpL

Score
10/10

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      setup (1).bat

    Score
    10/10
    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
