General

  • Target

    Gtag_spoofer-main.zip

  • Size

    1.2MB

  • Sample

    240421-bgdrqaeh29

  • MD5

    f086c6467349c4020a4558c4bdb4dccf

  • SHA1

    46cef99dc385384d79286fb3afbdbab33013a020

  • SHA256

    361caae62a252ed7c2c8020dc16ab8dd73debaebbd528268b06b9172fb7e996b

  • SHA512

    7da2db05e300b7ea800d2575fb67560d5a4b68edc2c301d9773587848d6059ee18adf62b6ed87ebb660b46f00bdaf85040892fed892106c42c87cd98cf4a600e

  • SSDEEP

    24576:coKbu+H1Da3BsWDsb+x0Ri7KzTjZ/E+UXQdYKHNt72+D1gEwkMfR:coKbLHglmZsJNt+DRPMfR

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.53:4782

Mutex

e1883fb9-6361-4406-b1f7-f82f80cbbe14

Attributes

  • encryption_key

    863766762E363E1F1B41973F98B5594794BAAEC6

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Gtag_spoofer-main/Gtagspoofer_1.4.7.exe

    • Size

      3.1MB

    • MD5

      5110076773db1352ac91ef673fef465f

    • SHA1

      415ee6c130d71942a7197642d1a4ae7efb637ea8

    • SHA256

      8575df8567eb8fbb7b07954de694590e07757edf2bfcf3b623b1df9790ce698d

    • SHA512

      a9c081c768e3c72c8a8bfda715575e50a2a087e4dc1ec4e104bc761549af3c2fb5a3e9097c03bacec4940e6d7de65aa5a75dfc17ed784d4453f9de69e7ff2877

    • SSDEEP

      49152:rvyI22SsaNYfdPBldt698dBcjHS8x6EMk2k/JKPoGdDTHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjHS8xxi

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
