General

  • Target

    1d686b05f745875e28939abe357baedd169b59f5a0d88.exe

  • Size

    3.1MB

  • Sample

    240728-snfcka1bjr

  • MD5

    e3e1f7fa42dd68f410bb885f0aefe5e3

  • SHA1

    d51edc519d86a11e6533cd4cac8f190dd3f7d4bb

  • SHA256

    1d686b05f745875e28939abe357baedd169b59f5a0d8825b602fd803a6303ba3

  • SHA512

    92ac0379074366a4dbb9235d8c61935be6d8086629611dbcdecdaf680a0a8636f7810d4f6394dbdee5b1e463842284ab9855534da4627677965557e8eb609aa3

  • SSDEEP

    49152:6v5t62XlaSFNWPjljiFa2RoUYIHSz3farvLoGdRbTHHB72eh2NT:6vT62XlaSFNWPjljiFXRoUYI+38B

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

193.42.11.9:4329

Mutex

4c2abd13-f813-4493-8701-1c7115caee61

Attributes
  • encryption_key

    665C8B508EC328B12F8F1A2A20662BF0DBA9F069

  • install_name

    edge.exe

  • log_directory

    Logs

  • reconnect_delay

    1000

  • startup_key

    Chrome

  • subdirectory

    browser

Targets

    • Target

      1d686b05f745875e28939abe357baedd169b59f5a0d88.exe

    • Size

      3.1MB

    • MD5

      e3e1f7fa42dd68f410bb885f0aefe5e3

    • SHA1

      d51edc519d86a11e6533cd4cac8f190dd3f7d4bb

    • SHA256

      1d686b05f745875e28939abe357baedd169b59f5a0d8825b602fd803a6303ba3

    • SHA512

      92ac0379074366a4dbb9235d8c61935be6d8086629611dbcdecdaf680a0a8636f7810d4f6394dbdee5b1e463842284ab9855534da4627677965557e8eb609aa3

    • SSDEEP

      49152:6v5t62XlaSFNWPjljiFa2RoUYIHSz3farvLoGdRbTHHB72eh2NT:6vT62XlaSFNWPjljiFXRoUYI+38B

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks