General
-
Target
startup_str_264.bat
-
Size
808KB
-
Sample
240607-sc3zgsbb22
-
MD5
1b236d823fffbf04687fef9145e0990a
-
SHA1
370b04807cabe0dd2878d199eaf174d3a7ce5bf9
-
SHA256
fdbd39ce78ac483a924407052be7edad216691bd2813e149b8300d3fe448cfa7
-
SHA512
646412e91910af43f6b893fbb915fc79a25acc6f9491e9423612bfde1de976023c3e1beeaf3669d8af0997d7708001596c7c8d341876f04b757244f0aa6a9252
-
SSDEEP
12288:vsYveIeweiFQGy6rxRPxuSHecnlnUgjmISzlhreElCOLgG0ECLM78fYsjG7ND:vsYvveiuuz3HdXmI0r/3LN0E1qMD
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Targets
-
-
Target
startup_str_264.bat
-
Size
808KB
-
MD5
1b236d823fffbf04687fef9145e0990a
-
SHA1
370b04807cabe0dd2878d199eaf174d3a7ce5bf9
-
SHA256
fdbd39ce78ac483a924407052be7edad216691bd2813e149b8300d3fe448cfa7
-
SHA512
646412e91910af43f6b893fbb915fc79a25acc6f9491e9423612bfde1de976023c3e1beeaf3669d8af0997d7708001596c7c8d341876f04b757244f0aa6a9252
-
SSDEEP
12288:vsYveIeweiFQGy6rxRPxuSHecnlnUgjmISzlhreElCOLgG0ECLM78fYsjG7ND:vsYvveiuuz3HdXmI0r/3LN0E1qMD
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Deletes itself
-