General

  • Target

    HexAttacker aim assistFORT1.rar

  • Size

    1.0MB

  • Sample

    240329-zfm6rsaa28

  • MD5

    7db3b1fdd6d1c3f73f2edb1b14cad14b

  • SHA1

    23b7d35687898053ae29a7eb40e07c0e550837a6

  • SHA256

    d99615a3aa26993fa6c56757eec3cd2c2b82c4eb3edf5c561fc4ea2d4545e05e

  • SHA512

    cfe955813726a6963c0269dae71287eaebb3b3d8225c5f599b2b3ae3f043ac9ece9d6cabe877079c3193a9228c1f5feae64a153b188f12d41200ca66009cb3db

  • SSDEEP

    24576:E6VIxUSOJNzYuo8VwtFrPghTo1VNS8AftBybwR8P+4S6N:v2UjbzYyVkiE/N3PbwKWBQ

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

da

C2

192.168.1.221:4782

Mutex

eb5d7b57-cea9-428d-b049-de1a39cabb31

Attributes
  • encryption_key

    549051CF8891BE12C122797CC5CBE23D6839FE43

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      HexAttacker aim assistFORT1/HexAttacker aim assistFORT/HexAttacker aim assist.exe

    • Size

      3.1MB

    • MD5

      763354ddbec52a620da13b1127fea666

    • SHA1

      bc12ddd5326cffbf5baa30b0d660541a0e6a6741

    • SHA256

      6d6d21b36bffb7a0c3779f7029498478517a47b0be21a6eb42efe19892d89a34

    • SHA512

      e947182420c9c1368bbd47593f71f15f935992a90978e291f970eaaf30f39269ccc98f4d9dfba4da05a4d452ea9b1aac2e4f682929c745da0ca7277aaa1b348b

    • SSDEEP

      49152:WvyI22SsaNYfdPBldt698dBcjHn7RwSBxQjoGdhgTHHB72eh2NT:Wvf22SsaNYfdPBldt6+dBcjHdwV

    Score
    10/10
    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Target

      HexAttacker aim assistFORT1/HexAttacker aim assistFORT/install_requirements.bat

    • Size

      38B

    • MD5

      4dcef1a00fab20e9bc78bf6604610423

    • SHA1

      dd6713f82e6b5db2b228ff82df9c02f8cf66943a

    • SHA256

      951f2e24c2a3f7ec40b2c8b12b984c72c1c98acc6489ec33d8f0f065ef877130

    • SHA512

      3cc1cab42b3d3827298449976532da31468fcc2533769a51c96d3b1276b132daee2e2cd62f1c1bacae804786c44fb55f98f9b2de1ca9b124b2130bfa2f5a7cc6

    Score
    1/10
