General

  • Target

    2024-04-04_2c72b65665d34efba097fa6128d825bd_icedid_xrat

  • Size

    4.7MB

  • Sample

    240404-asb7lahc7s

  • MD5

    2c72b65665d34efba097fa6128d825bd

  • SHA1

    b1c26f09d946c2ce568c05588a18a2d6dc7b64d7

  • SHA256

    4730e887f11522e44593c9b86d221b3c8465570b25db28dfb071c345266b5fd9

  • SHA512

    29de2fc57640d1a6355bb6945cebe0e945bfa46d2c165f9710279a0c6e086566e67aae8e5da342bea31216195dfd1fcbefa5605b6ed6c159e2c3d7dd8379df35

  • SSDEEP

    98304:3FMUxv9jU6vr22SsaNYfdPBldt6+dBcjHtKRJ6BKIbzZcIbzZY:dHM7jGIhRK

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

mx5.deitie.asia:4495

Mutex

ebbf737a-dddd-43dd-9b0a-74831302455d

Attributes
  • encryption_key

    F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      2024-04-04_2c72b65665d34efba097fa6128d825bd_icedid_xrat

    • Size

      4.7MB

    • MD5

      2c72b65665d34efba097fa6128d825bd

    • SHA1

      b1c26f09d946c2ce568c05588a18a2d6dc7b64d7

    • SHA256

      4730e887f11522e44593c9b86d221b3c8465570b25db28dfb071c345266b5fd9

    • SHA512

      29de2fc57640d1a6355bb6945cebe0e945bfa46d2c165f9710279a0c6e086566e67aae8e5da342bea31216195dfd1fcbefa5605b6ed6c159e2c3d7dd8379df35

    • SSDEEP

      98304:3FMUxv9jU6vr22SsaNYfdPBldt6+dBcjHtKRJ6BKIbzZcIbzZY:dHM7jGIhRK

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing common artifacts observed in infostealers

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks