General

  • Target: tt.dll
  • Size: 701KB
  • Sample: 240626-wh19mavhme
  • MD5: 06a20e5e74f5ac4e9401e6b2fdee792a
  • SHA1: e3f3ebc5a0fc959e71c5479bbb84eee447b847c1
  • SHA256: 04d9a18f7d512ef8f93c21981c9f19eb292c030444d5677eab66112048fc5878
  • SHA512: cec70c451d92fcefd0ae643cd882dea156b60d3f7451dfbad1c6789c6e361491252bdbd42cf772a4b7972def07c1a37692792856887abd611acbe84de0ff86d4
  • SSDEEP: 12288:3X5xda/HVGO7BKXTBUi5xhIQub/9DqdIF4UzV3a58tQG5:LdaPVGOlu7Hub/9hF4UE58mG

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.0.0
  • Botnet: bhm
  • C2: 134.122.3.3:8888
  • Mutex: bS2FweHbmsGvSoaeif

Attributes

  • encryption_key: uLtwgUQwj4RmeWCoiXJv
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Targets

  • Quasar RAT: Quasar is an open source Remote Access Tool.
  • Quasar payload
  • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
