Overview

overview

10

Static

static

10

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    240715-nkl9gstglr

  • MD5

    0282e93adf781175c1e8a7094094b6a6

  • SHA1

    2b42b7730cf431357069012d79bf6bd1802f0392

  • SHA256

    d2773c00a7a95b2d78807d86f07c2eea8203537d6d855c538346f2bda4067103

  • SHA512

    b0180c2303ad206a4de3c6b744f44340b1cd9b41362149745e508384037e718b1be802f2fc2a410f0c476f0945192cbab1ad08c3f3fd3f30b4b7032a2083cd6b

  • SSDEEP

    49152:3vOlL26AaNeWgPhlmVqvMQ7XSK56wibR00LoGdRTHHB72eh2NT:3v+L26AaNeWgPhlmVqkQ7XSK56wt6

Score
10/10
quasartestspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Test

C2

47.134.26.200:4782

193.161.193.99:23325
Mutex

9cabbafb-503b-49f1-ab22-adc756455c10

Attributes
  • encryption_key

    8B93C77AC1C58EA80A3327E9FD26246A79EF3B8E

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    MS Build Tools

  • subdirectory

    Microsoft-Build-Tools

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      0282e93adf781175c1e8a7094094b6a6

    • SHA1

      2b42b7730cf431357069012d79bf6bd1802f0392

    • SHA256

      d2773c00a7a95b2d78807d86f07c2eea8203537d6d855c538346f2bda4067103

    • SHA512

      b0180c2303ad206a4de3c6b744f44340b1cd9b41362149745e508384037e718b1be802f2fc2a410f0c476f0945192cbab1ad08c3f3fd3f30b4b7032a2083cd6b

    • SSDEEP

      49152:3vOlL26AaNeWgPhlmVqvMQ7XSK56wibR00LoGdRTHHB72eh2NT:3v+L26AaNeWgPhlmVqkQ7XSK56wt6

    Score
    10/10
    quasartestspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks