General

  • Target

    tmpnmsymvtn

  • Size

    3.2MB

  • Sample

    240626-j6edjsvcpa

  • MD5

    91303874b8a51ac4da1d9da6ebb3d0ef

  • SHA1

    f41ed21d3a37069355b5c84222bea6f6b68d64bf

  • SHA256

    653798b0c7226a4189bded9afaae0f0c540216c2acda512c809a61008e4ae169

  • SHA512

    acad1d59abd248c12ee918496d9a40c16a040c765d42d074c9ed0b055e97bddc6563ead28666122c30d8a887ff87ba190c4ad33478ed8f0e26e3c8d50e9e42aa

  • SSDEEP

    49152:gvEuf2NUaNmwzPWlvdaKM7ZxTwqnxNESEdk/iqLoGdQTHHB72eh2NTDyfo:gvzf2NUaNmwzPWlvdaB7ZxTwSx8URK

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

hi

C2

care-somewhere.gl.at.ply.gg:38177

127.0.0.1:38177

Mutex

09a22f35-6eea-40d3-8df0-f44e1f092037

Attributes
  • encryption_key

    D9185A099F336661ED8D6035D739C63B5B34E3D8

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Update

  • subdirectory

    SubDir
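The extracted fields above are everything a hunter needs, but only once they are turned into things a host or network control can match on. The following is an added Python example (not code from the sandbox or from the Quasar project) that does that conversion. Its assumptions: the C2 entries use Quasar's `host:port` form; `ply.gg` belongs to the playit.gg tunnelling service, so the hostname reveals no operator IP; the `127.0.0.1` entry is loopback and can only reach a server on the operator's own machine, so it is a fingerprint of this build rather than a block rule; and the install base folder, which the extracted config does not include, is one of the folders the public Quasar builder offers (`INSTALL_BASES`, an assumption).

```python
"""Derive hunting indicators from a Quasar client configuration.

Added example for this report, not part of the sandbox's or Quasar's code.
CONFIG is constructed from the values the sandbox extracted; INSTALL_BASES
and TUNNEL_SUFFIXES are assumptions to be adjusted locally.
"""
from dataclasses import dataclass
import ipaddress

# Constructed from the report's "Malware Config" section.
CONFIG = {
    "family": "quasar",
    "version": "1.4.1",
    "botnet": "hi",
    "c2": ["care-somewhere.gl.at.ply.gg:38177", "127.0.0.1:38177"],
    "mutex": "09a22f35-6eea-40d3-8df0-f44e1f092037",
    "encryption_key": "D9185A099F336661ED8D6035D739C63B5B34E3D8",
    "install_name": "Client.exe",
    "log_directory": "Logs",
    "reconnect_delay": 3000,      # milliseconds between reconnect attempts
    "startup_key": "Update",      # value name under the Run key
    "subdirectory": "SubDir",
}

# Assumption: base folders the public Quasar builder lets the operator pick;
# the extracted config does not say which one this build uses.
INSTALL_BASES = ("%APPDATA%", "%ProgramFiles%", "%SystemRoot%\\System32")

# Assumption: suffixes of public TCP-tunnelling services (ply.gg is playit.gg).
# A hostname under one of these hides the operator's real address.
TUNNEL_SUFFIXES = (".ply.gg", ".ngrok.io", ".ngrok-free.app", ".serveo.net")


@dataclass(frozen=True)
class C2Endpoint:
    host: str
    port: int
    loopback: bool    # 127.0.0.0/8 or ::1: only reachable on the operator's box
    tunnelled: bool   # host is under a known tunnelling service


def parse_c2(entry: str) -> C2Endpoint:
    """Split a 'host:port' entry and classify the host part."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    host = host.strip("[]")  # tolerate '[::1]:port'
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:       # not an IP literal, so a hostname
        loopback = False
    return C2Endpoint(host, int(port), loopback,
                      host.lower().endswith(TUNNEL_SUFFIXES))


def network_indicators(cfg: dict) -> dict:
    """Endpoints worth blocking, and those that are only build fingerprints."""
    eps = [parse_c2(e) for e in cfg["c2"]]
    return {
        "block": [f"{e.host}:{e.port}" for e in eps if not e.loopback],
        "loopback_only": [f"{e.host}:{e.port}" for e in eps if e.loopback],
        "tunnelled_hosts": [e.host for e in eps if e.tunnelled],
        "reconnect_delay_ms": cfg["reconnect_delay"],
    }


def host_indicators(cfg: dict) -> dict:
    """On-disk, registry and mutex artifacts implied by the config."""
    sub, name = cfg["subdirectory"], cfg["install_name"]
    return {
        "install_paths": [f"{b}\\{sub}\\{name}" for b in INSTALL_BASES],
        "log_directory_name": cfg["log_directory"],
        "run_key_value": cfg["startup_key"],
        "mutex": cfg["mutex"],
    }


if __name__ == "__main__":
    for section in (network_indicators(CONFIG), host_indicators(CONFIG)):
        for key, value in section.items():
            print(f"{key}: {value}")
```

The split into `block` and `loopback_only` is the point: feeding `127.0.0.1:38177` into a firewall or proxy list does nothing useful, while the tunnelled hostname and port are what outbound connections from an infected host will actually carry. The install paths, Run value name and mutex are the host-side checks to run alongside.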

Targets

    • Target

      tmpnmsymvtn (3.2MB; same file and hashes as listed under General)

    Score
    10/10
    • Quasar RAT

      Quasar is an open-source .NET Remote Access Tool; the version string 1.4.1 matches a release of the public project, so the client-side fields in the extracted config (hosts, mutex, install name, startup key) follow that code base's settings layout.

    • Quasar payload

    • Executes dropped EXE (consistent with the client copying itself to Client.exe under SubDir and launching that copy, as the config's install_name and subdirectory describe)

MITRE ATT&CK Enterprise v15