General

  • Target

    SOOS.BAT

  • Size

    409KB

  • Sample

    240627-bw62tavhmf

  • MD5

    9137a809697df320b8ff83a42d494cd1

  • SHA1

    a0cc0aa7e4738a7fec2ec471ef097699c5cbf427

  • SHA256

    d3a37a5309c003b80f594e9e89638d315b3490c6a31e96d5b1aa709f81f9f1f3

  • SHA512

    4a2ee72a71b6c6e59ab92717f4e85ef9a9e8ff8234543aab40e3ace94fc8c0499b7a8a7622017c11877d8657a6dec9c52abd055869d4b05a305fbac23f74570f

  • SSDEEP

    6144:3M99p1kREG60olEpXPSzCOVC47XF9EKlPlSbWODeKV6V5OYoR0AWSqS:SpiREGJLpXPSnh0DeKV6V5noDW5S

Score
10/10

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

.

C2

put-kenny.gl.at.ply.gg:3357

Mutex

$Sxr-GV6wZsGZZMeZ3qfenc

Attributes
  • encryption_key

    whtkhgSUV97PQQR3Udrc

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    1

  • startup_key

    Windows Defender Anti-Malware Disable Startup

  • subdirectory

    SubDir
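The extracted values above are directly usable as host and network indicators: the install path is <profile>\SubDir\Client.exe, persistence is a Run-key value named "Windows Defender Anti-Malware Disable Startup", the mutex and the C2 host:port are literal strings. The following script is an added example (not part of the sandbox report or of Quasar itself) that turns the config into matching rules and runs them over a handful of constructed "key=value" telemetry lines; the log format, the user name and the benign lines are assumptions made for illustration.

```python
"""Turn the Quasar configuration extracted above into host and network checks.

Added example, not part of the sandbox report. The telemetry lines below are
constructed for illustration and are not events from the sandbox run.
"""
import re

# Values copied from the "Malware Config" section of the report.
QUASAR_CONFIG = {
    "c2": "put-kenny.gl.at.ply.gg:3357",
    "mutex": "$Sxr-GV6wZsGZZMeZ3qfenc",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Windows Defender Anti-Malware Disable Startup",
}

# Constructed "key=value" telemetry lines (assumed log format, not from the report).
SAMPLE_EVENTS = [
    r"type=process image=C:\Users\bob\AppData\Roaming\SubDir\Client.exe parent=cmd.exe",
    r"type=registry key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=Windows Defender Anti-Malware Disable Startup data=C:\Users\bob\AppData\Roaming\SubDir\Client.exe",
    r"type=mutex name=$Sxr-GV6wZsGZZMeZ3qfenc",
    r"type=dns query=put-kenny.gl.at.ply.gg",
    r"type=network dst=put-kenny.gl.at.ply.gg dport=3357",
    r"type=process image=C:\Windows\System32\notepad.exe parent=explorer.exe",
    r"type=network dst=example.com dport=3357",
]

# A value runs until the next " key=" token, so values may contain spaces.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Split one 'key=value key=value' line into a dict."""
    return dict(FIELD_RE.findall(line))


def split_c2(c2):
    """'host:port' -> (host, port); host is lower-cased for comparison."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def build_rules(config):
    """Build one predicate per indicator derived from the extracted config."""
    host, port = split_c2(config["c2"])
    install_tail = ("\\" + config["subdirectory"] + "\\" + config["install_name"]).lower()
    startup_key = config["startup_key"].lower()
    return {
        "quasar_install_path": lambda e: e.get("type") == "process"
            and e.get("image", "").lower().endswith(install_tail),
        "quasar_run_key_persistence": lambda e: e.get("type") == "registry"
            and e.get("key", "").lower().endswith("\\currentversion\\run")
            and e.get("value", "").lower() == startup_key,
        "quasar_mutex": lambda e: e.get("type") == "mutex"
            and e.get("name") == config["mutex"],
        "quasar_c2_dns": lambda e: e.get("type") == "dns"
            and e.get("query", "").lower().rstrip(".") == host,
        # Port alone is too weak; require the C2 host as well.
        "quasar_c2_connection": lambda e: e.get("type") == "network"
            and e.get("dst", "").lower() == host
            and e.get("dport") == str(port),
    }


def hunt(events, config=QUASAR_CONFIG):
    """Return (rule_name, raw_line) for every telemetry line that matches a rule."""
    rules = build_rules(config)
    hits = []
    for line in events:
        event = parse_event(line)
        for name, matches in rules.items():
            if matches(event):
                hits.append((name, line))
    return hits


if __name__ == "__main__":
    for name, line in hunt(SAMPLE_EVENTS):
        print(f"{name:28s} {line}")
```

The two benign lines (notepad.exe, and a connection to port 3357 on an unrelated host) produce no hit, which is the point of tying the port rule to the C2 host rather than alerting on the port number alone.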

Targets

    • Target

      SOOS.BAT

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks