General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    240727-svbmyswamq

  • MD5

    b104969ee4b9c9d8b9169b8b0f49d83b

  • SHA1

    10920cfda95473fe5367931a383c4569ea66f73f

  • SHA256

    971985906bface7df4e3ad4bf9a7ac225c1757333e934dedf59215c8c2da6c3b

  • SHA512

    3d4ca916cc53e5657e9704759e75d828e7c39e10d6e715e3f38abe516a926c4af049517a68deb535891aafce06fe332f5d6bf671881748d1d647ad11ab51200f

  • SSDEEP

    49152:3viI22SsaNYfdPBldt698dBcjHtCm8mzQkoGdIARTHHB72eh2NT:3vv22SsaNYfdPBldt6+dBcjHtCmtt

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    7.tcp.eu.ngrok.io:19112

  • Mutex

    ccf129b8-2f60-427c-ab73-260d95879b88

Attributes

  • encryption_key

    86C78DCE94D487549C8B075D40032E329CEC8F3A

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Executes dropped EXE

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks