General

  • Target

    Test.exe

  • Size

    12.3MB

  • Sample

    240722-w35sjs1bme

  • MD5

    e1d7bec28c7f54f0ff98ced99f505da1

  • SHA1

    0de847dd7e30eeedb1392fa4890b604b2911c8a9

  • SHA256

    102347f70b3a45e3d41030860c207e41421337f0e66bd709ecd5ff4d45f8412a

  • SHA512

    5e7571f43da8c880cd6d641f67c6f8eec526cef2871b06432f92d71c63eb8ca6d646c78deaa29ddad89a348b0dcf435183e4aceb369806d73762be4c96067971

  • SSDEEP

    393216:OcGqEA3g931+TtIiFv0VQvgbKLZIw09sCZ:gqEAM1QtIVI/0

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    memo2023.publicvm.com:4782

  • Mutex

    dd517aa1-9103-4e21-9570-9ff2818203b0

Attributes
  • encryption_key

    4231AAAA578EE0C216DA911F7E4C5AFB83292A51

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Test.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15