General

  • Target: 49416c6ff8ab8acdb58cc76313b37e40N.exe
  • Size: 7.3MB
  • Sample: 240726-ya2xastbph
  • MD5: 49416c6ff8ab8acdb58cc76313b37e40
  • SHA1: 6ef696eebbe4044a1042ecf05da6165b866f7c7f
  • SHA256: e8495cf162901ea41b563416d6bae7314fc326153909fc4dc2fbf3789bb4ddce
  • SHA512: bce5705d168ae73910503d588b282ab9f4a133e06df9ba0abfff26d570e5eca12c333d9918adc35f4ff3320eeebf8508807ecf8b686058bab6fab8301641cb33
  • SSDEEP: 98304:YvA22SsaNYfdPBldt6+dBcjHzwRJ6q3uJn/ML1u+GgQMn4c7/u4k4m97os4s4kB2:G17jKf3cML1u+GgV77/kZoWt7SovTTGj

Malware Config

Extracted

  • Family: quasar
  • Attributes
      • reconnect_delay: 3000

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: HuntyLeCrack-34455.portmap.host:34455
  • Mutex: c0bb0db4-b3db-4375-8023-6295f7dafdfb
  • Attributes
      • encryption_key: 1F0B9B038FAD9F718417CAD9EA9E69943C71D876
      • install_name: Client.exe
      • log_directory: Logs
      • reconnect_delay: 3000
      • startup_key: Updater
      • subdirectory: SubDir

Targets

    • Target: 49416c6ff8ab8acdb58cc76313b37e40N.exe
    • Size: 7.3MB
    • MD5: 49416c6ff8ab8acdb58cc76313b37e40
    • SHA1: 6ef696eebbe4044a1042ecf05da6165b866f7c7f
    • SHA256: e8495cf162901ea41b563416d6bae7314fc326153909fc4dc2fbf3789bb4ddce
    • SHA512: bce5705d168ae73910503d588b282ab9f4a133e06df9ba0abfff26d570e5eca12c333d9918adc35f4ff3320eeebf8508807ecf8b686058bab6fab8301641cb33
    • SSDEEP: 98304:YvA22SsaNYfdPBldt6+dBcjHzwRJ6q3uJn/ML1u+GgQMn4c7/u4k4m97os4s4kB2:G17jKf3cML1u+GgV77/kZoWt7SovTTGj

    • Quasar RAT
      Quasar is an open source Remote Access Tool.
    • Quasar payload
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks