General

  • Target

    https://github.com/astzgotmotion/celery-executor

  • Sample

    240730-twzxlsybjr

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

Joesnazzy-26854.portmap.host:26854

Mutex

0e3df0a7-c843-43da-81c8-d9c01f85801a

Attributes
  • encryption_key

    FE31C9B3146C7F6C565D8024D45CF71A2F7A3888

  • install_name

    celery.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    windows defender

  • subdirectory

    SubDir

Targets

    • Target

      https://github.com/astzgotmotion/celery-executor

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks