General

  • Target

    klarcrack.exe

  • Size

    3.1MB

  • Sample

    240403-233k3sff4x

  • MD5

    137131a8d5de17ad363c8a16317caafc

  • SHA1

    9067bcca3e183b3d5bec4da114eff1de764843d6

  • SHA256

    693e126484497a348bdedf9eda9263a68fb19b92c7449ccec419274d7ee61394

  • SHA512

    8ccf84deb0372f5a834d988887dcd9acbefa8fefa4ffdb225eafb50827ff1db8bb5c98074b2d4c2d188761303634c22064a87cb8ebf781ed535ad39c14767285

  • SSDEEP

    49152:Pvkt62XlaSFNWPjljiFa2RoUYISdQebRRaLoGduTHHB72eh2NT:Pv462XlaSFNWPjljiFXRoUYISdQwE

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.214.1:4782

Mutex

d611c55c-eed6-46f5-b41f-31ded400b5b1

Attributes
  • encryption_key

    80385BA8C17CE50152104E573DF78F0BE61B58AA

  • install_name

    Klar.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    34534683576

  • subdirectory

    SubDir

Targets

    • Target

      klarcrack.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
