General

  • Target

    bloxflip-predictor-v2.0.2.exe

  • Size

    3.4MB

  • Sample

    240401-nzne4aeb56

  • MD5

    a17f4fc90d2263e9cfa18145ce7ae9db

  • SHA1

    029b8ef07bdee3d042026789c9b07dc4fb5e9551

  • SHA256

    bd2902ab762b5c9aab5b030c636e11ab0cb65c167803fef87932a9b068d88081

  • SHA512

    274521af50ea5476fe2a9b1f11bd2611e7d7c184a95398bc78bd168350663f6307079648c95b6d1c48abb6c02ada8abb25eac7717439ee7c3c32ccb7e01cdd6e

  • SSDEEP

    49152:/vzlL26AaNeWgPhlmVqvMQ7XSKtbS3marwLoGd5ETHHB72eh2NTR/:/vpL26AaNeWgPhlmVqkQ7XSK83uh

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    192.168.1.155:4782

  • Mutex

    58154cc7-0891-4733-ab4b-c7c144aecaef

Attributes

  • encryption_key

    EB977F60015ED224C8A5C972B27117BFED12E627

  • install_name

    bloxflip-predictor.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Startup Client

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks