General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    240407-vwt7ssaa73

  • MD5

    96bda7e2b90225a588674f3de228e620

  • SHA1

    b891305ef12a32016f1a8f7b6fc442321a3e4d02

  • SHA256

    143bbf5bac623e9042c4878583568b9a25688f82771e59c04ad6512fc1cf9941

  • SHA512

    71d890bc461111ba74f19d3521eaf5b0afe0ef6008378648cabfdedad4245fe804dfa7665a4bca5567bcb8a8d9e955efefd93c413a9ee6a58a7c3d46a6c4e023

  • SSDEEP

    49152:nviI22SsaNYfdPBldt698dBcjH5HCRyCAarzaoGdWTHHB72eh2NT:nvv22SsaNYfdPBldt6+dBcjHNXC0

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

73.238.161.169:4782

Mutex

6f2da1e0-0b1d-4489-8337-4b54f7842996

Attributes
  • encryption_key

    C3507C52E0A338AFEFD6D5EFFBE2D0543A9115C7

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory
