General

  • Target

    4c73f7f2bf2e94b2fab75e399ce88a8c_JaffaCakes118

  • Size

    2.4MB

  • Sample

    240516-w3rwpahh9s

  • MD5

    4c73f7f2bf2e94b2fab75e399ce88a8c

  • SHA1

    62fa79cde827adb60a2dd572c11c151c87d71639

  • SHA256

    2455555f8a5b6f30b3557cc427a78c24f008075ac3826b165b8d2554ecb53e08

  • SHA512

    3503775b680c2fa2cd346fb8de30a1a273420a28be515d60b59997c61cccf7053c456900ef1674ff34be65377489e631aef1f3c2f1b3ef925e2f8a187b7fcbbc

  • SSDEEP

    49152:mfGBfpuU8Fdon4UbdinB6RD1mB9JGlzvysHm8ejTMHvIolk:AMpuU8z4HBingmQlryYjLIt

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

Javvaa.accesscam.org:4782

Mutex

QSR_MUTEX_1DLvM9FtGeSt3qpyvo

Attributes

  • encryption_key

    AxLKBxIEAMOuWNEzFsDB

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows Defender

  • subdirectory

    SubDir

Targets

    • Target

      FortiCracke/FortiCracke/Fortnite Cracker.exe

    • Size

      5.5MB

    • MD5

      b9b970ba0af4644bb8036eb499e871b9

    • SHA1

      4dc39e73054b2c38a3ae30db1abf229aaf282965

    • SHA256

      5cfa868cfac6015908731e5c0541e52e3d57ea8c81d416ec419315e0a99e8d09

    • SHA512

      3208a3a40af2c200d44b05f3d84c88e23e13bdf6e1ce7e7a3b82fdd4cff2589b5a5a62ce3a02388bdc03619b3e0bae359e47f8b97a070594ca5d2774ae65a9b8

    • SSDEEP

      49152:eO/SXkQ9jdLStzMdgS+dt0XYI2w+LSignW+Yeg3s1UeiVQgGwD/xT0SJy3G+c:

    • Quasar RAT

      Quasar is an open-source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      FortiCracke/FortiCracke/libeay32.dll

    • Size

      1.1MB

    • MD5

      1fc19d6114e67319078f9bff46431161

    • SHA1

      f630aa829e919ebfd6a5bd0f910c20905da38bfa

    • SHA256

      cee20a0774bde8465e0b1e666fd077ed17d52600608809b44031e1992b5ce6db

    • SHA512

      8d128fe4e9f4924e862f301cd5f47ae6cf97b3aef9a5b19328984eeb55589a43425bbbcb725bcc48bdf2477c5633b014a86621183aaa408e31822dabf4016476

    • SSDEEP

      24576:mgQ2bIE0xHNFiwyZ0rdq/f3EcEGNpNOBlmQ:X0XiwG4o/8HGNpNslm

    Score
    1/10
    • Target

      FortiCracke/FortiCracke/ssleay32.dll

    • Size

      277KB

    • MD5

      14d83b686edc94814eff6d96b00e14a8

    • SHA1

      6e8269489d2a48f7c7fc484c8e14e564599c27f4

    • SHA256

      8baef665568db18511911759277b704bbbe111a2aeb7902b650fac30995a5d45

    • SHA512

      c3561c3927cc6237e765894bfcf504ea6edccf2e98c9623b3ee7233b658d1a142da82ab8aa3ecbe9692a718734a9d4d64a040dde9a52009a79e059470a45d6d7

    • SSDEEP

      6144:vaBHS3Xs1JIxsALAibjNTYPLKd/W7IEkZayhfXRgf8DmAo4ciENRSQ5Jkcnd4:vaM3sJIxsALAibjNTuLKd/cIEkZhikD3

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks