General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    240407-hpa45afh73

  • MD5

    c19cf890d159b62570fa8f277b318baf

  • SHA1

    dfdd9df36921d298cbac731e5068b6b0d6565cca

  • SHA256

    1ac1e01b78d2bec8d2a5fa5948989cd95adbc5aade80ceb88161d6afb4a3a1d8

  • SHA512

    5243d3e708490a0c5454b69945b36031a96d817d6cb2fb7a6a098bb9ecfa73d712162a0b8fda7cc4538c9299283f18c4b749324ffb598878fe20d4be1a916417

  • SSDEEP

    49152:uvst62XlaSFNWPjljiFa2RoUYIbzvNuvoGduQTHHB72eh2NT:uvQ62XlaSFNWPjljiFXRoUYIbzvNu

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

4F90-F31A:4782

Mutex

755f883f-4d58-4349-bc9e-f21c4e163b6f

Attributes
  • encryption_key

    EE65D8F2E429F4900E3A17963595716D863A2455

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      c19cf890d159b62570fa8f277b318baf

    • SHA1

      dfdd9df36921d298cbac731e5068b6b0d6565cca

    • SHA256

      1ac1e01b78d2bec8d2a5fa5948989cd95adbc5aade80ceb88161d6afb4a3a1d8

    • SHA512

      5243d3e708490a0c5454b69945b36031a96d817d6cb2fb7a6a098bb9ecfa73d712162a0b8fda7cc4538c9299283f18c4b749324ffb598878fe20d4be1a916417

    • SSDEEP

      49152:uvst62XlaSFNWPjljiFa2RoUYIbzvNuvoGduQTHHB72eh2NT:uvQ62XlaSFNWPjljiFXRoUYIbzvNu

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks