General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    240407-hvjcpaga76

  • MD5

    611c00289362a3dc272247f674bc65a4

  • SHA1

    22cc41462ae01f9c1ef6798c81b9171142c3c478

  • SHA256

    3309e317ee90f72e3ea2da41be5462ff078b673f5b3e622f953197b9dfd313af

  • SHA512

    14df276ff86b91349a5f63370b4a8895664e5a617057888a20f0739007db8875209df305afc350477828dd4bf04067ea8211dd8c45525d4e34060fc3e302d9ee

  • SSDEEP

    49152:XvVG42pda6D+/PjlLOlg6yQipVbZNP/oGdawATHHB72eh2NT:XvM42pda6D+/PjlLOlZyQipVbZN3t

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

predictor.serveblog.net:4782

192.168.1.102:4782

Mutex

755f883f-4d58-4349-bc9e-f21c4e163b6f

Attributes
  • encryption_key

    EE65D8F2E429F4900E3A17963595716D863A2455

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Quasar RAT

      Quasar is an open-source .NET remote access tool. Client-built.exe is the default output name of its builder, so this sample is a Quasar client stub with the configuration above compiled in.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks