General

  • Target: Client-built.exe
  • Size: 3.1MB
  • Sample: 240406-yk91nahd4v
  • MD5: 49a65e235d14a56d3043ddd95790e68d
  • SHA1: e3418e08e2c869b4970faa7f8ac166129a038770
  • SHA256: 753e958ea04ee6a765f09e2ca60f56cc2959bb45aea66a77ee6ba3326cb36720
  • SHA512: 7e8a30bd9dd0ab92ad673f540ec6cb4f841baf57b2593618c0106fc385cfd69405b46d7b757a440d18d5c0dcc6273cd8589b5c389a1d76899ea7ffe6d603794e
  • SSDEEP: 49152:Sv2I22SsaNYfdPBldt698dBcjH63eG0+DvJkwoGdhTHHB72eh2NT:Svb22SsaNYfdPBldt6+dBcjH/+v

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: wasted9sss1-56353.portmap.host:4782
  • Mutex: f6d58747-a97c-4537-9d9d-312d4a425082

Attributes

  • encryption_key: 517C077DB1E3D3485387F0B31BBF986E71312477
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: system32
  • subdirectory: SubDir

Targets

    • Target: Client-built.exe

    • Quasar RAT: Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks