General

  • Target

    fbc526c8f283b181391aa13ca98e82a99859aeef3f0fb7ef7a0ed155392663b4.exe

  • Size

    348KB

  • Sample

    240406-b851aahd94

  • MD5

    9d7f799067e3a1bf3596c7b693e912a3

  • SHA1

    f461a01547e439e83ae02a4ca8da6a7c2efa753a

  • SHA256

    fbc526c8f283b181391aa13ca98e82a99859aeef3f0fb7ef7a0ed155392663b4

  • SHA512

    89d4d7463b2c459decebbc5d217af49c24080442b999b968c23b85861cf22e0cc241085bd685ee4e0dfe58405099ed0feae76ec771390faa8b8ef7cad19abb0f

  • SSDEEP

    6144:77qQ4i1FFiEKLJ5aMEb2lEyg77CukNnEwTWhFF+:npliN5jC77Cu3wTM+

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

promesasalvaro1.duckdns.org:4782

Mutex

QSR_MUTEX_l1M93VuqIyiH8hEQ4I

Attributes

  • encryption_key

    2g2JgGNmrJPJ7nSHkWmk

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Detects Windows executables referencing non-Windows User-Agents

    • Detects executables containing common artifacts observed in infostealers

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.