General

  • Target

    disneyclient.exe

  • Size

    3.6MB

  • Sample

    240329-vtlgwadc91

  • MD5

    cef7d0722f455b8875fa1859a2533f14

  • SHA1

    b1c45fa8f4f36e314099b32f64f1f72304a836ac

  • SHA256

    3462988bac3c4590a31be348acd1a494cd6c66759cd794685f05a89e602b49bd

  • SHA512

    7a36a74b8fda00e5959f9951a837c99fe1945e8782fd3ff2a2ed24351424a49bd90841ac7056e85b17f8a7723590aa8a8581106bedcbc2cdf5d72f00e80b9f00

  • SSDEEP

    98304:4ZsVXA1ZKfbldHiU+FoLgk88IrBPwgLl4:UseGjnztgL

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    RAT

  • C2

    51.178.39.226:4782
    51.178.39.226:6606

  • Mutex

    3dbbdd7b-5d37-4992-809f-8e9a09dc9e8a

Attributes

  • encryption_key

    0114248F10A48FFAB2A971FCD42D277259B1A6C4

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    vdst

  • subdirectory

    SubDir

Targets

    • Target

      disneyclient.exe

    • Size

      3.6MB

    • MD5

      cef7d0722f455b8875fa1859a2533f14

    • SHA1

      b1c45fa8f4f36e314099b32f64f1f72304a836ac

    • SHA256

      3462988bac3c4590a31be348acd1a494cd6c66759cd794685f05a89e602b49bd

    • SHA512

      7a36a74b8fda00e5959f9951a837c99fe1945e8782fd3ff2a2ed24351424a49bd90841ac7056e85b17f8a7723590aa8a8581106bedcbc2cdf5d72f00e80b9f00

    • SSDEEP

      98304:4ZsVXA1ZKfbldHiU+FoLgk88IrBPwgLl4:UseGjnztgL

    • Quasar RAT

      Quasar is an open-source .NET remote access tool (RAT); the extracted config above identifies version 1.4.1 with two C2 ports on the same host.

    • Quasar payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

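The extracted config and the signatures above give a small, high-confidence indicator set (file hash, install path, mutex, Run-key value name, C2 host:port pairs). The following is an added example, not part of the sandbox report, that turns those values into a matcher and runs it over constructed JSON-lines telemetry; the log schema (an "event" field plus event-specific keys) and the sample events are invented for illustration, and the install-path check assumes Quasar writes install_name inside subdirectory.

```python
"""Match host/network telemetry against the Quasar indicators in the report.

Added example, not part of the original report. Indicator values are copied
from the report; the log format and sample events below are constructed.
"""
import json
import re

# Indicators taken from the report above (config attributes and hashes).
QUASAR_IOCS = {
    "sha256": "3462988bac3c4590a31be348acd1a494cd6c66759cd794685f05a89e602b49bd",
    "c2": {("51.178.39.226", 4782), ("51.178.39.226", 6606)},
    "mutex": "3dbbdd7b-5d37-4992-809f-8e9a09dc9e8a",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "vdst",
}

# Constructed sample telemetry (not from the sandbox run): one JSON object per
# line, each with an "event" type and event-specific fields.
SAMPLE_LOG = r"""
{"event": "process_create", "image": "C:\\Users\\u\\Downloads\\disneyclient.exe", "sha256": "3462988bac3c4590a31be348acd1a494cd6c66759cd794685f05a89e602b49bd"}
{"event": "file_write", "path": "C:\\Users\\u\\AppData\\Roaming\\SubDir\\Client.exe"}
{"event": "process_create", "image": "C:\\Users\\u\\AppData\\Roaming\\SubDir\\Client.exe", "sha256": "3462988bac3c4590a31be348acd1a494cd6c66759cd794685f05a89e602b49bd"}
{"event": "mutex_create", "name": "3dbbdd7b-5d37-4992-809f-8e9a09dc9e8a"}
{"event": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "vdst"}
{"event": "network_connect", "dst_ip": "51.178.39.226", "dst_port": 4782}
{"event": "network_connect", "dst_ip": "51.178.39.226", "dst_port": 443}
{"event": "process_create", "image": "C:\\Windows\\System32\\notepad.exe", "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
"""


def _is_install_path(path, iocs):
    # Assumption: the client is dropped as <subdirectory>\<install_name>, so
    # compare the last two path components, case-insensitively as on NTFS.
    parts = re.split(r"[\\/]", path.lower())
    return (len(parts) >= 2
            and parts[-2] == iocs["subdirectory"].lower()
            and parts[-1] == iocs["install_name"].lower())


def match_event(ev, iocs=QUASAR_IOCS):
    """Return a list of (indicator_name, matched_value) pairs for one event."""
    hits = []
    kind = ev.get("event")
    if kind == "process_create":
        if ev.get("sha256", "").lower() == iocs["sha256"]:
            hits.append(("sha256", ev["sha256"]))
        if _is_install_path(ev.get("image", ""), iocs):
            hits.append(("install_path", ev["image"]))
    elif kind == "file_write":
        if _is_install_path(ev.get("path", ""), iocs):
            hits.append(("install_path", ev["path"]))
    elif kind == "mutex_create":
        if ev.get("name", "").lower() == iocs["mutex"]:
            hits.append(("mutex", ev["name"]))
    elif kind == "registry_set":
        # Only the Run key with the report's startup_key value name counts.
        if (ev.get("key", "").lower().endswith("\\currentversion\\run")
                and ev.get("value", "").lower() == iocs["startup_key"]):
            hits.append(("startup_key", ev["value"]))
    elif kind == "network_connect":
        pair = (ev.get("dst_ip"), ev.get("dst_port"))
        if pair in iocs["c2"]:
            hits.append(("c2", f"{pair[0]}:{pair[1]}"))
    return hits


def scan(log_text, iocs=QUASAR_IOCS):
    """Parse JSON lines; return [(line_no, event_type, hits)] for matching lines.

    Malformed or blank lines are skipped so one bad record does not abort the scan.
    """
    results = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        hits = match_event(ev, iocs)
        if hits:
            results.append((n, ev.get("event"), hits))
    return results


def summarize(results):
    """Distinct indicator types seen; several independent types beat one hash hit."""
    return sorted({name for _, _, hits in results for name, _ in hits})


if __name__ == "__main__":
    res = scan(SAMPLE_LOG)
    for n, kind, hits in res:
        print(f"line {n} {kind}: {hits}")
    print("indicator types seen:", summarize(res))
```

The summary step matters in practice: a single hash match is brittle (a rebuilt client changes it), while the mutex, Run-key value name, install path and C2 pairs come from the config and survive recompilation, so two or more of those firing together is the stronger alert.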
MITRE ATT&CK Enterprise v15

Tasks