General

  • Target

    71e4d35156e913340d32d565806004c2297bfbc05b747874279830e34056dbce.exe

  • Size

    3.1MB

  • Sample

    240401-bjzf7shf68

  • MD5

    479ebaee10717b48969ebfc7d10ffef2

  • SHA1

    3061bd9bc43d9d580af7d590a3ea8a134488a70c

  • SHA256

    71e4d35156e913340d32d565806004c2297bfbc05b747874279830e34056dbce

  • SHA512

    fe6a28e898d52a673a23cab72f231a5c9e4998528184fc422d33d3fe6c4ebd91ddb2ee881925c8f8b7e81391b85c9b5e8bcfbbcc0c9db38ccb1b7908efb92b93

  • SSDEEP

    49152:DvbI22SsaNYfdPBldt698dBcjHdGRJ6VbR3LoGd3THHB72eh2NTA:Dvk22SsaNYfdPBldt6+dBcjHdGRJ6n3

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

185.196.10.233:4782

Mutex

a244256d-314d-4857-83fe-790ac24d7897

Attributes
  • encryption_key

    0EC03133971030F6D05E6D59F71626F6543BBE65

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      71e4d35156e913340d32d565806004c2297bfbc05b747874279830e34056dbce.exe

    • Size

      3.1MB

    • MD5

      479ebaee10717b48969ebfc7d10ffef2

    • SHA1

      3061bd9bc43d9d580af7d590a3ea8a134488a70c

    • SHA256

      71e4d35156e913340d32d565806004c2297bfbc05b747874279830e34056dbce

    • SHA512

      fe6a28e898d52a673a23cab72f231a5c9e4998528184fc422d33d3fe6c4ebd91ddb2ee881925c8f8b7e81391b85c9b5e8bcfbbcc0c9db38ccb1b7908efb92b93

    • SSDEEP

      49152:DvbI22SsaNYfdPBldt698dBcjHdGRJ6VbR3LoGd3THHB72eh2NTA:Dvk22SsaNYfdPBldt6+dBcjHdGRJ6n3

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing common artifacts observed in infostealers

MITRE ATT&CK Enterprise v15

Tasks