General

  • Target

    96f1a72749b4abe9f92e364dcd059dcb.exe

  • Size

    3.1MB

  • Sample

    240404-l17t1scf49

  • MD5

    96f1a72749b4abe9f92e364dcd059dcb

  • SHA1

    0480af36fc245942261e67428f4a8b8910d861fd

  • SHA256

    996e8d1afc74090b75f936ca57b1570de64dff0dbcdbffa411f9f6ed814fc43f

  • SHA512

    2386a5cebb41059293972879880142a087e18a1253c2d9c6b2eb28c5b1179410cf507a2dd6f3f166c99c1f780f15e6bcfbde228eac36616269158a04b9a06abe

  • SSDEEP

    49152:Cvkt62XlaSFNWPjljiFa2RoUYIbD0G2LoGdiPTHHB72eh2NT:Cv462XlaSFNWPjljiFXRoUYIbD0G4

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    45.88.186.209:4782

  • Mutex

    e70efcae-9ec5-4682-aa19-15651d4d8cc8

Attributes
  • encryption_key

    4EF1547B5DB5058DCCEB6A60D48A54C35026D8D5

  • install_name

    gfhgfgjgf.exe

  • log_directory

    dfdfsf

  • reconnect_delay

    3000

  • startup_key

    hgfhjjhgj

  • subdirectory

    ghghghfg

Targets

    • Target

      96f1a72749b4abe9f92e364dcd059dcb.exe

    • Size

      3.1MB

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
