Overview

overview

10

Static

static

10

FreeFortnite.exe

windows7-x64

10

FreeFortnite.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FreeFortnite.exe

  • Size

    3.1MB

  • Sample

    240617-vzl1la1erq

  • MD5

    5ce2210a2711dcffd8c64c668f81cf93

  • SHA1

    815e1544a870e6a6d1ca5f6c074179a20baafbe9

  • SHA256

    3ae42302da619033e80101bf6dd7f88879d0c37a500f48513102993986d8373f

  • SHA512

    c1261175b58af95e87825df63fd10aeb2bcb31fd0789698d2600b21148682508c34706bc38f8f95c8b741492c5114c8dfb66b96adc34b9f19fabb45fe9fb8cab

  • SSDEEP

    49152:PvOlL26AaNeWgPhlmVqvMQ7XSK4/4EKWMfQNoGdPFhTHHB72eh2NT:Pv+L26AaNeWgPhlmVqkQ7XSK4/4EKof

Score
10/10
quasareyewalledspywarestealertrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Eyewalled

C2

147.185.221.18:18043

147.185.221.18:1358
Mutex

348940a4-40db-4d79-9103-0f7d01523a5f

Attributes
  • encryption_key

    EFBE3AE92C7EEEEF56234B89DE1D5E6E1E66581C

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3001

  • startup_key

    Quasar Client Startup

  • subdirectory

    Management

Targets

    • Target

      FreeFortnite.exe

    • Size

      3.1MB

    • MD5

      5ce2210a2711dcffd8c64c668f81cf93

    • SHA1

      815e1544a870e6a6d1ca5f6c074179a20baafbe9

    • SHA256

      3ae42302da619033e80101bf6dd7f88879d0c37a500f48513102993986d8373f

    • SHA512

      c1261175b58af95e87825df63fd10aeb2bcb31fd0789698d2600b21148682508c34706bc38f8f95c8b741492c5114c8dfb66b96adc34b9f19fabb45fe9fb8cab

    • SSDEEP

      49152:PvOlL26AaNeWgPhlmVqvMQ7XSK4/4EKWMfQNoGdPFhTHHB72eh2NT:Pv+L26AaNeWgPhlmVqkQ7XSK4/4EKof

    Score
    10/10
    quasareyewalledspywaretrojanstealer

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

1
T1552.001

Credentials in Registry

1
T1552.002

Discovery

System Information Discovery

1
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks