General

  • Target: SOOS.BAT
  • Size: 409KB
  • Sample: 240627-bxzzwsvhra
  • MD5: ec30cc1b42fa77bd6cf1939c36e9bf45
  • SHA1: 2c135066690905a45988ab4cc9e41c23e609846e
  • SHA256: a2fa0250843e7ada653086224913ebcb48bb47d5de5c738dc0e5367af863a3ae
  • SHA512: 2610c655abbf162bae1620aa02e29774c5324b7b831cd76505999a12ca4fa2706a5a6479c8a7c553d480569a8e93322bbc9e34e9a37705171714ce0ee51dcbd7
  • SSDEEP: 6144:RM99p1kREG60olSLzNUrUFLzG79XFHg60e1qpzbP7ZCjUb1P3SXhxu332oOwuSgo:gpiREGJxzNUrU9G7yNGxEmAuSz

Score
10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 3.1.5
  • Botnet: .
  • C2: put-kenny.gl.at.ply.gg:3357
  • Mutex: $Sxr-GV6wZsGZZMeZ3qfenc

Attributes

  • encryption_key: rn7eoqYIHaNURuVxooma
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 1
  • startup_key: Windows Defender Anti-Malware Disable Startup
  • subdirectory: SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
