General

  • Target

    SS.exe

  • Size

    3.2MB

  • Sample

    240523-ey155adf5t

  • MD5

    a4263aed426b47b7c69c8471cae4c70c

  • SHA1

    b073f02e9f6b678e3d96051d2650a4e05b2bf495

  • SHA256

    0e7838c047bec0c9e0ff37ea27710ed13b2e98b8a53a88412cc3e48e40f77c34

  • SHA512

    3c3a52f58f4ad0a24259c4795d1e88d8f351e22a2d669f7865c129517c3b1cc8aefc1b47b7addd0d55659c0f952ae96a081839f0331e550911f00ee40d6b09ac

  • SSDEEP

    49152:EvkI22SsaNYfdPBldt698dBcjHmpRJ6SbR3LoGd9qTHHB72eh2NT:EvJ22SsaNYfdPBldt6+dBcjHmpRJ6Mt

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    CCS

  • C2

    192.34.131.34:4782

  • Mutex

    c744c156-36e3-44bc-93ce-687989e40591

Attributes

  • encryption_key

    1CC648F6A0064334E8932D119FA24AEA676ED25C

  • install_name

    Candy Crush Saga.exe

  • log_directory

    Logs

  • reconnect_delay

    0

  • startup_key

    Candy Crush

  • subdirectory

    Candy Crush

Targets

    • Target

      SS.exe

    • Quasar RAT

      Quasar is an open-source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
