General

  • Target

    testing.bat

  • Size

    370KB

  • Sample

    240628-2vdxraxdql

  • MD5

    df396b97b5de6c7ab17a021681980c9b

  • SHA1

    5a794a857884e1ec35eb225397ee6d3a5680af22

  • SHA256

    9db155af18a56368ff0d18ab954438bbb14ec90a7cacc603f66ce5468e4bf3c4

  • SHA512

    96a6423ff510d21cfa9e385e38c3d65e3b2f65cb3309082b734358e1f7b097be44276b74d64b62c5957bb554f1c97dabd889aedea0306441b4431d57636a3848

  • SSDEEP

    6144:ELpy5tbQpHYdQgYl7nIVTgunq/hdnN5cAZVQw3g+glYY8UdKmq5:p7QHY2lboguq//N+AQwfglYvF5

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Targets

    • Target

      testing.bat

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide the display window.

MITRE ATT&CK Enterprise v15
