General

  • Target

    42047a3bda7fa746b62f4140bde1202f1746940b61145ae3209907a5ea95dfbc

  • Size

    3.1MB

  • Sample

    240403-vg5pzsga72

  • MD5

    3db30c01a9ac8f9db4eb52c97a6cc678

  • SHA1

    f2e2bdafc4194e936e2ba74a35e6ea60e897e904

  • SHA256

    42047a3bda7fa746b62f4140bde1202f1746940b61145ae3209907a5ea95dfbc

  • SHA512

    5e59d4d18ee3b9f351393ddc03494f541048058eee04cb49ddf4a9e9043e397d50b6de15c9e3b2b1ea1cca597764d55453cdc1084caa1e7a0acb231ed6dbac8b

  • SSDEEP

    49152:3vXI22SsaNYfdPBldt698dBcjHS4A/yBxLzoGd4tkTHHB72eh2NT:3vY22SsaNYfdPBldt6+dBcjHS/i

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.3.193:4782

Mutex

9076803c-a117-4c71-972a-bb9646674dc5

Attributes
  • encryption_key

    B0F82119F08B50916F7F59840988B6B80D7EADC8

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory
