General

  • Target

    test - Copie.exe

  • Size

    3.1MB

  • Sample

    240629-rhadpaygmh

  • MD5

    1910d58cf65bec326f23a30563ab24c9

  • SHA1

    1f97e5ddc0634a911aa95684086b000ab86727dc

  • SHA256

    06cd6bdc86d2c7c4e3f4368d5f98a3f46236f19e76c0aaf9b26f8b868133a7fd

  • SHA512

    c2e901122968c0b9267adb7863ab600e6837557f3132e8dab049de2d037b0246e1fd1809151338eccab4de9c7b370f3f30a7744b38ac8668c283a306638d0024

  • SSDEEP

    49152:KvnI22SsaNYfdPBldt698dBcjHBCj1JDLoGdXTHHB72eh2NT:KvI22SsaNYfdPBldt6+dBcjHBCb

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

TESTIP

C2

0.tcp.ngrok.io:14534

Mutex

88de9d82-6909-427b-8a11-f28cf4280285

Attributes
  • encryption_key

    562515CBE0241F4FD48C91375ED3063F997D8AEE

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      test - Copie.exe

    • Size

      3.1MB

    • MD5

      1910d58cf65bec326f23a30563ab24c9

    • SHA1

      1f97e5ddc0634a911aa95684086b000ab86727dc

    • SHA256

      06cd6bdc86d2c7c4e3f4368d5f98a3f46236f19e76c0aaf9b26f8b868133a7fd

    • SHA512

      c2e901122968c0b9267adb7863ab600e6837557f3132e8dab049de2d037b0246e1fd1809151338eccab4de9c7b370f3f30a7744b38ac8668c283a306638d0024

    • SSDEEP

      49152:KvnI22SsaNYfdPBldt698dBcjHBCj1JDLoGdXTHHB72eh2NT:KvI22SsaNYfdPBldt6+dBcjHBCb

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks