General

  • Target

    Premium_Cleaner(Cracked by st).exe

  • Size

    3.2MB

  • Sample

    240412-gzmp8sgd33

  • MD5

    f89428aba2b28f3124d40f262710fc46

  • SHA1

    0b9db50a873682e781b0e378004b0d7e6b415f78

  • SHA256

    e51b436055f0e48e04b3c7c89dce20ac35aef6d63b178c42d6285cf21401ec4a

  • SHA512

    16e576b694ed0ee9796d13504a6489ff501eb2b9cd576e442318090d46f5433afce4ce39d031e8eca92b95a4b90a6dc9926b13d04021ef48d9bf3d8698165540

  • SSDEEP

    49152:QvyI22SsaNYfdPBldt698dBcjHAfRJ6pbR3LoGdFkTHHB72eh2NT:Qvf22SsaNYfdPBldt6+dBcjHAfRJ6r

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    Sentiax-51535.portmap.io:51535

  • Mutex

    b16f14a5-eba8-46dc-b974-11a9193ee5c1

Attributes

  • encryption_key

    504CA536F80AA42E62457478D8A6A72CDC6CA06F

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Premium_Cleaner(Cracked by st)

  • subdirectory

    SubDir

Targets

    • Target

      Premium_Cleaner(Cracked by st).exe

    • Size

      3.2MB

    • MD5

      f89428aba2b28f3124d40f262710fc46

    • SHA1

      0b9db50a873682e781b0e378004b0d7e6b415f78

    • SHA256

      e51b436055f0e48e04b3c7c89dce20ac35aef6d63b178c42d6285cf21401ec4a

    • SHA512

      16e576b694ed0ee9796d13504a6489ff501eb2b9cd576e442318090d46f5433afce4ce39d031e8eca92b95a4b90a6dc9926b13d04021ef48d9bf3d8698165540

    • SSDEEP

      49152:QvyI22SsaNYfdPBldt698dBcjHAfRJ6pbR3LoGdFkTHHB72eh2NT:Qvf22SsaNYfdPBldt6+dBcjHAfRJ6r

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks