General

  • Target

    Windows Remote Access Trojan.exe

  • Size

    3.1MB

  • Sample

    240420-wgv18aea79

  • MD5

    2c2172ccafa055a00312e4e3a08f229a

  • SHA1

    1c9dd30693318258d8ffd70984cb348d755c5d97

  • SHA256

    19b707de920bf77466108ba32a3d4b01fe051f46173db4bbf65c9e17895d9f55

  • SHA512

    ceecdee4cdb348a59f7b918b7c1d641e6ac398601493d87e1c91128387664effb457256cec427f71686cda808418003c8dc01ae9b22cb6ce76338237e5213225

  • SSDEEP

    49152:3vyI22SsaNYfdPBldt698dBcjHlqUMrtMfl5oGdBZTHHB72eh2NT:3vf22SsaNYfdPBldt6+dBcjHlrMrw

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.154:4782

Mutex

ba502bba-c1c8-4a0b-95e6-4b1a3d5f551e

Attributes
  • encryption_key

    7195172212FD0C3E2300AE89FC3318C365A0CFF8

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
