General

  • Target: Client-built.exe
  • Size: 3.1MB
  • Sample: 240406-zn2zwsaf5z
  • MD5: 41860d50841fb6ad3341497300684215
  • SHA1: 40eb43dd467cf118288faea23196f0a13e652c35
  • SHA256: 102b5df01e1c2e08c38dafb39871accbd9330f8486472482d90281705e889432
  • SHA512: d8a127d4318796c2cb96c104e1e65b113ea3b3708af4a083e99c54472997e50d9c17341c05bf53d011e5215da4b31ef418212d19a5f2d42efcc6adc525f965c8
  • SSDEEP: 49152:rv2I22SsaNYfdPBldt698dBcjH/x28mzQUoGd108uTHHB72eh2NT:rvb22SsaNYfdPBldt6+dBcjH/x2xq

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: wasted9sss1-54777.portmap.io:4782
  • Mutex: 58d5349c-f008-4af6-b8bf-469d2569c61b
  • Attributes
      • encryption_key: 517C077DB1E3D3485387F0B31BBF986E71312477
      • install_name: Client.exe
      • log_directory: Logs
      • reconnect_delay: 3000
      • startup_key: system32
      • subdirectory: SubDir

Targets


  • Quasar RAT: Quasar is an open source Remote Access Tool.
  • Quasar payload
  • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks