General

  • Target

    client.exe

  • Size

    3.1MB

  • Sample

    240525-brtwpahh36

  • MD5

    3923567323be44b3a3955f8b69585396

  • SHA1

    c2db51125c1d664ac02e9ea28fbe4fb6fc47e59a

  • SHA256

    f6fe8fbbafb40ded2572c45d74740d6aa5a7bd6149e2ec2ddedf9030b7411228

  • SHA512

    5d410bfeb594674195c46dbd228c4967e5df07bd3b6fe3d16a8be48690d58354d4448e35b9fc7a99bca720ed104d6e24be8fd8d8abc31392ccd55a556da14dca

  • SSDEEP

    49152:KvBt62XlaSFNWPjljiFa2RoUYIx8pnrTFvJKuoGdNTHHB72eh2NT:Kvr62XlaSFNWPjljiFXRoUYI6Tl

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

watchdog

C2

142.115.43.143:8080

Mutex

1c1f3ace-a14c-4361-99eb-65aedb6d50fd

Attributes
  • encryption_key

    3FAEE4D5FC9BC245D4CA5F4165EAFD34E8D5FE16

  • install_name

    watchdog.exe

  • log_directory

    logs

  • reconnect_delay

    3000

  • startup_key

    watchdog

  • subdirectory

    drivers

Targets

    • Target

      client.exe

    • Size

      3.1MB

    • MD5

      3923567323be44b3a3955f8b69585396

    • SHA1

      c2db51125c1d664ac02e9ea28fbe4fb6fc47e59a

    • SHA256

      f6fe8fbbafb40ded2572c45d74740d6aa5a7bd6149e2ec2ddedf9030b7411228

    • SHA512

      5d410bfeb594674195c46dbd228c4967e5df07bd3b6fe3d16a8be48690d58354d4448e35b9fc7a99bca720ed104d6e24be8fd8d8abc31392ccd55a556da14dca

    • SSDEEP

      49152:KvBt62XlaSFNWPjljiFa2RoUYIx8pnrTFvJKuoGdNTHHB72eh2NT:Kvr62XlaSFNWPjljiFXRoUYI6Tl

    • Quasar RAT

      Quasar is an open-source .NET Remote Access Tool (RAT) for Windows; the extracted config above identifies this sample as a Quasar 1.4.1 client.

    • Quasar payload

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique            Count  ID
  Execution             Scheduled Task/Job   1      T1053
  Persistence           Scheduled Task/Job   1      T1053
  Privilege Escalation  Scheduled Task/Job   1      T1053
  Discovery             Query Registry       1      T1012
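Turning the extracted config into indicators and checking them against endpoint telemetry, as an added example (not part of the sandbox report and not Quasar's own code). It assumes the install path is %SystemRoot%\System32\drivers\watchdog.exe, inferred from the "drivers" subdirectory together with the "Drops file in System32 directory" signature, and that persistence is a scheduled task named after startup_key (the T1053 mapping above). The Sysmon-style events are constructed, and their field names (EventID, Image, TargetFilename, CommandLine, DestinationIp, DestinationPort, DestinationHostname) are assumed. The mutex GUID is carried along as a host indicator but is not matched, since file, process and network logs do not record mutexes.

```python
"""Added example: derive indicators from the Quasar config above and match
them against Sysmon-style events.  Not part of the sandbox report."""
import ipaddress
import ntpath
import re

# Values copied from the 'Extracted' config section of the report.
CONFIG = {
    "c2": "142.115.43.143:8080",
    "mutex": "1c1f3ace-a14c-4361-99eb-65aedb6d50fd",
    "install_name": "watchdog.exe",
    "subdirectory": "drivers",
    "startup_key": "watchdog",
}

# Assumption: 'drivers' subdirectory + "Drops file in System32 directory"
# signature => the implant installs under %SystemRoot%\System32\drivers.
SYSTEM32 = r"C:\Windows\System32"


def derive_iocs(cfg):
    """Return normalised (lower-cased) indicators derived from the config."""
    host, port = cfg["c2"].rsplit(":", 1)
    try:
        ipaddress.ip_address(host)
        c2_ip, c2_host = host, None
    except ValueError:            # a Quasar C2 may also be a DNS name
        c2_ip, c2_host = None, host.lower()
    return {
        "c2_ip": c2_ip,
        "c2_host": c2_host,
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),   # host indicator only; not in logs
        "install_path": ntpath.join(SYSTEM32, cfg["subdirectory"],
                                    cfg["install_name"]).lower(),
        "task_name": cfg["startup_key"].lower(),
    }


# Constructed Sysmon-like events (not from the report): 11 = FileCreate,
# 1 = ProcessCreate, 3 = NetworkConnect.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\a\Downloads\client.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\watchdog.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /tn "watchdog" /sc ONLOGON '
                    r'/tr "C:\Windows\System32\drivers\watchdog.exe" /rl HIGHEST /f'},
    {"EventID": 3, "Image": r"C:\Windows\System32\drivers\watchdog.exe",
     "DestinationIp": "142.115.43.143", "DestinationPort": 8080},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "142.250.72.14", "DestinationPort": 443},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
]

SCHTASKS_CREATE = re.compile(r"\bschtasks(?:\.exe)?\s+/create\b", re.I)
TASK_NAME = re.compile(r'/tn\s+"?([^"\s]+)"?', re.I)


def match_event(ev, iocs):
    """Return the list of indicator names that a single event hits."""
    hits = []
    eid = ev.get("EventID")
    image = ev.get("Image", "").lower()
    # File drop at the derived install path.
    if eid == 11 and ev.get("TargetFilename", "").lower() == iocs["install_path"]:
        hits.append("quasar_install_path")
    # Outbound connection to the C2 (IP or hostname form), port must match too.
    if eid == 3 and ev.get("DestinationPort") == iocs["c2_port"] and (
            ev.get("DestinationIp") == iocs["c2_ip"]
            or ev.get("DestinationHostname", "").lower() == iocs["c2_host"]):
        hits.append("quasar_c2")
    # schtasks /create with the task name taken from startup_key (T1053).
    cmd = ev.get("CommandLine", "")
    if eid == 1 and SCHTASKS_CREATE.search(cmd):
        m = TASK_NAME.search(cmd)
        if m and m.group(1).lower() == iocs["task_name"]:
            hits.append("quasar_scheduled_task")
    # Any event whose acting image is the installed implant.
    if image == iocs["install_path"]:
        hits.append("quasar_image")
    return hits


def scan(events, iocs):
    """(event index, indicator) pairs over a list of events."""
    return [(i, h) for i, ev in enumerate(events) for h in match_event(ev, iocs)]


if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_EVENTS, derive_iocs(CONFIG)):
        print(f"event {idx}: {hit}")
```

The C2 port is matched together with the address so that unrelated traffic to a shared host is not flagged, and the task name is taken from the /tn argument rather than from the whole command line so that a renamed binary with the same startup_key still matches.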

Tasks