General

  • Target

    imageloggerV2.exe

  • Size

    3.1MB

  • Sample

    240722-zfv7daxepq

  • MD5

    a203e9c646b83a427599b8f7e2bc50ef

  • SHA1

    011010162a342d270ae62ebe6490dd94a671d6a7

  • SHA256

    2baf75826c08cf4cd5c35a52681c6543d726e6f6fb1650205a018684746552a1

  • SHA512

    e046bd124f712f355383a87cd494b11a92255137c02ba604493a0bee82f113d018678a966ab3c3e0aa4be5869f880f4cc9811ebbdfea11f680a97569aa885fe7

  • SSDEEP

    49152:CvqI22SsaNYfdPBldt698dBcjHSOy3ECsAk/GfSoGdcJ1ATHHB72eh2NT:CvH22SsaNYfdPBldt6+dBcjHSOyda

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

romein-26037.portmap.host:26037

Mutex

25405edf-120b-4b35-acc0-ab3f70b59bf8

Attributes
  • encryption_key

    4D9E51CB5BF81499F369788BAA57C68300233F9D

  • install_name

    imagelogger.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    java updater

  • subdirectory

    SubDir

Targets

    • Target

      imageloggerV2.exe

    • Size

      3.1MB

    • MD5

      a203e9c646b83a427599b8f7e2bc50ef

    • SHA1

      011010162a342d270ae62ebe6490dd94a671d6a7

    • SHA256

      2baf75826c08cf4cd5c35a52681c6543d726e6f6fb1650205a018684746552a1

    • SHA512

      e046bd124f712f355383a87cd494b11a92255137c02ba604493a0bee82f113d018678a966ab3c3e0aa4be5869f880f4cc9811ebbdfea11f680a97569aa885fe7

    • SSDEEP

      49152:CvqI22SsaNYfdPBldt698dBcjHSOy3ECsAk/GfSoGdcJ1ATHHB72eh2NT:CvH22SsaNYfdPBldt6+dBcjHSOyda

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks