General

  • Target

    Immirat.exe

  • Size

    3.1MB

  • Sample

    240317-dc2n4adb2y

  • MD5

    98ee6f75c240c0f70119bfca909cc236

  • SHA1

    11980f3e33670933eb07917cb9e4676ca7cfdc6c

  • SHA256

    5b95b143aaf7e78592aa86734c8f24105182abbf0edb1072284153a58728d8fd

  • SHA512

    32e260bf6168a9362536d1d4751526c98de4d5acb2de7cd860fc9b4664a3ee04237dcdfcbfada4f5eb3792486b3d0762ac15da55ddd27dcc15c1a0c1cd344161

  • SSDEEP

    49152:avCI22SsaNYfdPBldt698dBcjHTNLEfoGWmQTHHB72eh2NT:avP22SsaNYfdPBldt6+dBcjHTNLA

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

imranRAT

C2

68.225.240.203:4782

Mutex

9dc62ac4-7471-4057-b5f1-212eabe56136

Attributes
  • encryption_key

    D3B83A9986DADD4016C9CCF1608F57293E9C0E2B

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    2999

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
