Overview

overview

10

Static

static

3

ToastWallet-qt.exe

windows7-x64

10

ToastWallet-qt.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    537147e6130914bbc9f1b79cd2bccc53_JaffaCakes118

  • Size

    454KB

  • Sample

    240518-hkmmcsgd5y

  • MD5

    537147e6130914bbc9f1b79cd2bccc53

  • SHA1

    f1577fc7b809081a0fef1eb578faedc2798630f8

  • SHA256

    d99acf163387ab0350b6880ddd73114366b2f5e9593c43388e34881284c6724b

  • SHA512

    4853092eb0237dcfd0851c2477086620c2e9af1a0c97401f231d3c199a2bb26ea0bf1836e7ba530dfd305e6b9763adcd4f90f3a16de3da3ba11081648a250598

  • SSDEEP

    12288:P18ivxjWThOIwBRqOmiYNRILLbrWRx8ceqsaU1QVaeaHyU0tpm/dN:NptWUI+RWNRILLbrWcceZaUiUYvs

Score
10/10
quasarofficespywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

37.1.207.27:222

Mutex

7xg1muSKali1I2y5IZ

Attributes
  • encryption_key

    KWyZntdiPrrGnzylskuR

  • install_name

    csrss.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    NET framework

  • subdirectory

    SubDir

Targets

    • Target

      ToastWallet-qt.exe

    • Size

      502KB

    • MD5

      f4a3d9404ad522ec1b9bd8feb8dca3b5

    • SHA1

      33201170d62419689b5685b22325512c27ca16ab

    • SHA256

      9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88

    • SHA512

      c593bab9c02e4a5a78d420710e422e8b562e2d2e040c745a75aac4a44695ec8d8e83ef999abd17fdd0db0e668a390d93f9d121446fb2f702d982e0bc8e04beea

    • SSDEEP

      6144:8zAOLe5C9/l3Iv3hlwJYrCp5+kP/af/9jwlYj4ixSP7PtcaZuSrg6n2i3UMyoQTk:8zxICbojRxEceusRn1EvQY

    Score
    10/10
    quasarofficespywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks