General

  • Target: Quasar.exe
  • Size: 8.0MB
  • Sample: 240328-xlx7taee75
  • MD5: 4d7c306bbb5c2f62379b1fdeaad0f7b8
  • SHA1: 1c9512048e01292cb24f6952afdb85da3ef954ea
  • SHA256: 6acec4a4a735297616310dfbe21f95510ce4eccab39c778ec1a628ec6b905255
  • SHA512: e1094197ca12f7ea6d3d4de4116d8f53915ff27c197314ed4d7e56d67c1158d4b832151a870b997dbbaea41b010a14cfe2d0a5f3ec65ea379c7c05acfc8f14db
  • SSDEEP: 196608:eXHRrj1q61W903eV4QJ7MToEuGxgh858F0ibfUxgAB6knSeCUkzd:oxQwW+eGQJ7MTozGxu8C0ibftelUzd

Malware Config

Extracted

Family: quasar
Version: 1.4.1
Botnet: v0.1
C2: serveo.net:11453
Mutex: abff0131-e47c-48a9-acbf-670ddd76b7c2

Attributes
  • encryption_key: 86DD7DA02996F71324EA9A66B712B0F1735056E7
  • install_name: APF.exe
  • log_directory: ms_ess
  • reconnect_delay: 3000
  • startup_key: Microsoft application
  • subdirectory: ms_essentials

Targets

    • Target: Quasar.exe

    • Quasar RAT
      Quasar is an open source Remote Access Tool.
    • Quasar payload
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Legitimate hosting services abused for malware hosting/C2

    • Target: 111.pyc
    • Size: 1KB
    • MD5: 7e404cf50f2a328d0cf8e6dd9b85d86b
    • SHA1: eb76e98987fc5e8f6d1c040fbbed09dcc26ac760
    • SHA256: c312f1f5d55c702b8848297eb76031e0c1d359914d5b71d918dc651e29342a3e
    • SHA512: 0fcfcc0fbb7ec771ddb7108a2f3d9daff27fab4440c8ce02ade3804e7a1972c0f67af8240cd8855d10f1e03952ba95cea085999d472cd2269cef02a5bc78b9a4

    Score: 3/10
