General

  • Target

    5ac4db28729ef274c94e5a65ea6f2900be893f63d3b984a7ba27cc83a2c54e1b.exe

  • Size

    3.1MB

  • Sample

    240401-bhnnbahf22

  • MD5

    caddfe2adb6d8c878a2a1001e7fd4fd7

  • SHA1

    6d4b54d81a061efc4a1562d3adae524a22d158df

  • SHA256

    5ac4db28729ef274c94e5a65ea6f2900be893f63d3b984a7ba27cc83a2c54e1b

  • SHA512

    1aa011a1be34baa824468af55317c66cf78abc36883075cb3388a0631db512c97d05b0b9ab2a6ee9f93bfe3a276fd557eab07d5653a02b5eb67eb3f62870a405

  • SSDEEP

    49152:mvkt62XlaSFNWPjljiFa2RoUYIQaDkE2Hok/+FtoGdRSTHHB72eh2NT:mv462XlaSFNWPjljiFXRoUYIQaD5T

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

185.196.10.233:4782

Mutex

a244256d-314d-4857-83fe-790ac24d7897

Attributes
  • encryption_key

    0EC03133971030F6D05E6D59F71626F6543BBE65

  • install_name

    gfdgfdg.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    fgfdhdgg

  • subdirectory

    gfgfgf
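
The extracted attributes above are enough to build host and network indicators for this sample. The following is an added example, not code from the sandbox or from the Quasar project: it normalises the config fields listed on this page into indicators (C2 endpoint, mutex, install path suffix `<subdirectory>\<install_name>`, Run-key value name `startup_key`) and matches them against constructed Sysmon-style telemetry records. The report does not state which base directory Quasar installs into (AppData, Program Files and the system directory are all possible), so the install path is matched by suffix only; the event records and the `indicators_from_config` / `scan` helpers are assumptions made for illustration.

```python
"""Normalise the Quasar config extracted above into indicators and scan
constructed telemetry for them (added example, not sandbox/project code)."""
from dataclasses import dataclass

# Values copied from the "Malware Config" section of this report.
QUASAR_CONFIG = {
    "c2": "185.196.10.233:4782",
    "mutex": "a244256d-314d-4857-83fe-790ac24d7897",
    "install_name": "gfdgfdg.exe",
    "subdirectory": "gfgfgf",
    "startup_key": "fgfdhdgg",
    "log_directory": "Logs",
}


@dataclass
class Indicators:
    c2_host: str
    c2_port: int
    mutex: str
    install_path_suffix: str  # "\gfgfgf\gfdgfdg.exe"; base dir is not in the report
    run_value_name: str       # value name under ...\CurrentVersion\Run
    log_dir_suffix: str       # "\gfgfgf\Logs"


def indicators_from_config(cfg: dict) -> Indicators:
    """Derive matchable indicators from the extracted config dictionary."""
    host, _, port = cfg["c2"].rpartition(":")
    sub = "\\" + cfg["subdirectory"]
    return Indicators(
        c2_host=host,
        c2_port=int(port),
        mutex=cfg["mutex"],
        install_path_suffix=sub + "\\" + cfg["install_name"],
        run_value_name=cfg["startup_key"],
        log_dir_suffix=sub + "\\" + cfg["log_directory"],
    )


def match_event(ind: Indicators, event: dict) -> list:
    """Return the indicator names a single telemetry record matches (possibly none)."""
    hits = []
    suffix = ind.install_path_suffix.lower()
    kind = event.get("type")
    if kind == "process_create":
        if event["image"].lower().endswith(suffix):
            hits.append("install_path")
    elif kind == "registry_set":
        # Quasar persistence: a Run value named after startup_key pointing at the installed copy.
        if event["key"].lower().endswith("\\currentversion\\run\\" + ind.run_value_name.lower()):
            hits.append("run_key")
        if event.get("data", "").lower().endswith(suffix):
            hits.append("run_key_data")
    elif kind == "network_connect":
        if event["dst_ip"] == ind.c2_host and int(event["dst_port"]) == ind.c2_port:
            hits.append("c2")
    elif kind == "mutex_create":
        # Strip an optional "Global\" / "Local\" namespace prefix before comparing.
        if event["name"].rpartition("\\")[2].lower() == ind.mutex.lower():
            hits.append("mutex")
    return hits


def scan(ind: Indicators, events: list) -> list:
    """Return (event_index, indicator_name) pairs for every match in the event list."""
    return [(i, h) for i, e in enumerate(events) for h in match_event(ind, e)]


# Constructed sample telemetry (hypothetical host "victim"; not from the sandbox run).
SAMPLE_EVENTS = [
    {"type": "process_create",
     "image": r"C:\Users\victim\AppData\Roaming\gfgfgf\gfdgfdg.exe"},
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\fgfdhdgg",
     "data": r"C:\Users\victim\AppData\Roaming\gfgfgf\gfdgfdg.exe"},
    {"type": "network_connect", "dst_ip": "185.196.10.233", "dst_port": 4782},
    {"type": "mutex_create", "name": r"Local\a244256d-314d-4857-83fe-790ac24d7897"},
    {"type": "process_create", "image": r"C:\Windows\System32\svchost.exe"},  # benign
    {"type": "network_connect", "dst_ip": "93.184.216.34", "dst_port": 443},    # benign
]

if __name__ == "__main__":
    ind = indicators_from_config(QUASAR_CONFIG)
    for idx, name in scan(ind, SAMPLE_EVENTS):
        print(f"event {idx}: {name}")
```

Matching the Run-key value name and the install path suffix independently means a variant that changes only the install base directory still trips the `run_key` indicator, while the C2 and mutex checks remain exact matches on the extracted values.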

Targets

    • Target

      5ac4db28729ef274c94e5a65ea6f2900be893f63d3b984a7ba27cc83a2c54e1b.exe

    • Quasar RAT

      Quasar is an open-source remote access tool (RAT) for Windows, written in C#; its C2 address, mutex, install path and startup key are compiled into each client build, which is why they can be extracted as the configuration shown above.

    • Quasar payload

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing common artifacts observed in infostealers

    • Executes dropped EXE
