General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    240407-hte9msfe4y

  • MD5

    ff5bd07dcdfb3bd5d8c65a29eb3ed8be

  • SHA1

    10a1bec3916604a660a3bfe12cf94f452a6b97c3

  • SHA256

    a020684317ac3536e304bd189a4885100a83951a9807b2d1b6bd1e7b42e354bc

  • SHA512

    599f33164da41203ea08f94681e732980b62311698aacf6bbef96c9b5dfc1bec45c50135a299f7d6cc51e2721d20da5131cb46da76334de93788465517ccaacc

  • SSDEEP

    49152:3vaI22SsaNYfdPBldt698dBcjHAqB9eW2iWfk/QsoGdH+THHB72eh2NT:3vX22SsaNYfdPBldt6+dBcjHfB9e+

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

predictor.serveblog.net:4782

Mutex

755f883f-4d58-4349-bc9e-f21c4e163b6f

Attributes
  • encryption_key

    EE65D8F2E429F4900E3A17963595716D863A2455

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      ff5bd07dcdfb3bd5d8c65a29eb3ed8be

    • SHA1

      10a1bec3916604a660a3bfe12cf94f452a6b97c3

    • SHA256

      a020684317ac3536e304bd189a4885100a83951a9807b2d1b6bd1e7b42e354bc

    • SHA512

      599f33164da41203ea08f94681e732980b62311698aacf6bbef96c9b5dfc1bec45c50135a299f7d6cc51e2721d20da5131cb46da76334de93788465517ccaacc

    • SSDEEP

      49152:3vaI22SsaNYfdPBldt698dBcjHAqB9eW2iWfk/QsoGdH+THHB72eh2NT:3vX22SsaNYfdPBldt6+dBcjHfB9e+

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks