General

  • Target

    MainBuild.exe

  • Size

    3.1MB

  • Sample

    240417-z1wnmsfd9y

  • MD5

    3bbe6fc1601a30703de700e53c6f072f

  • SHA1

    e59be8b17dde867d5dd52d563f6c115149f4473a

  • SHA256

    96e859dad002f1e69e810c5f6ac60926f71a5ec03b4a7bde6cb9935f2927fbc3

  • SHA512

    197a18f9d5d01cee50c160450b23e60b3a770e4140462b032efe44cfd9e9b2a6fa513ada7bef341624e20fd6760ca1e492de4fd2b359da660735dafc518c3ce0

  • SSDEEP

    49152:Gvkt62XlaSFNWPjljiFa2RoUYIYxrEDkGk/JxfoGdOTHHB72eh2NT:Gv462XlaSFNWPjljiFXRoUYIYx31

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    192.168.56.1:4782

  • Mutex

    25d56285-d107-418c-8a2b-195563744f12

Attributes
  • encryption_key

    612E594137626EF1C1C6346882A826EBAFFC773E

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System 32

  • subdirectory

    SubDir

Targets

    • Target

      MainBuild.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
