General

  • Target

    FirePresets.exe

  • Size

    3.1MB

  • Sample

    240402-2ez52sff99

  • MD5

    4342f33b930042e45016e1b0ff1a94fb

  • SHA1

    195544fbcbf9fd7a619e91b85706cdbeb001ad05

  • SHA256

    38b96aaec37373ee6683e39dd310b12eda4dbe262fcde935a1df2372c007943e

  • SHA512

    ec19b1852a36dd2eb5c671c7c578ec39e99e4aaf0cdeb9a262f54c01e53a5f242682d2ec4c493a2374ce32615ace05afc22425ff78857a5fa9471e95f49bced3

  • SSDEEP

    49152:yvkt62XlaSFNWPjljiFa2RoUYIvCI1JHLoGdGzTHHB72eh2NT:yv462XlaSFNWPjljiFXRoUYIvC8

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.104:4782

Mutex

953d39e6-1633-40a0-8cc2-4d2d8cad2ea3

Attributes
  • encryption_key

    EF99DE7C0D1844DEB399B006F859DA4303E4B15C

  • install_name

    Test.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    TheTest

  • subdirectory

    SubDir

Targets

    • Target

      FirePresets.exe

    • Size

      3.1MB

    • MD5

      4342f33b930042e45016e1b0ff1a94fb

    • SHA1

      195544fbcbf9fd7a619e91b85706cdbeb001ad05

    • SHA256

      38b96aaec37373ee6683e39dd310b12eda4dbe262fcde935a1df2372c007943e

    • SHA512

      ec19b1852a36dd2eb5c671c7c578ec39e99e4aaf0cdeb9a262f54c01e53a5f242682d2ec4c493a2374ce32615ace05afc22425ff78857a5fa9471e95f49bced3

    • SSDEEP

      49152:yvkt62XlaSFNWPjljiFa2RoUYIvCI1JHLoGdGzTHHB72eh2NT:yv462XlaSFNWPjljiFXRoUYIvC8

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks