General

  • Target

    SRCkey.exe

  • Size

    3.1MB

  • Sample

    240730-wdak4svfne

  • MD5

    d0fa55b027cf3268483208bc5087bf14

  • SHA1

    758d9396522e8458159bb7b5186340caf767f691

  • SHA256

    c1fba0fc260e24b6f42a72d8725aac400465890e5ee1a422cd567229ec1609bc

  • SHA512

    418ae9524de8f7326fe77c2664f1cdf2f807c0a50fe6e2619cc32fb863eff08a1b3ec26c029f1e319f540e9074380e8ca2dc9fb3f65e0cb2d26947037967f48b

  • SSDEEP

    49152:PvyI22SsaNYfdPBldt698dBcjHkrRJ6VbR3LoGdGTHHB72eh2NT:Pvf22SsaNYfdPBldt6+dBcjHkrRJ6n

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.8.180:4782

Mutex

b532486b-fe2e-45a2-ac9b-42f784c55957

Attributes
  • encryption_key

    33E00C0591CE60DF8D1A4C8EBCF120A2AD5D348C

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Microsoft defender

  • subdirectory

    SubDir

Targets

    • Target

      SRCkey.exe

    • Size

      3.1MB

    • MD5

      d0fa55b027cf3268483208bc5087bf14

    • SHA1

      758d9396522e8458159bb7b5186340caf767f691

    • SHA256

      c1fba0fc260e24b6f42a72d8725aac400465890e5ee1a422cd567229ec1609bc

    • SHA512

      418ae9524de8f7326fe77c2664f1cdf2f807c0a50fe6e2619cc32fb863eff08a1b3ec26c029f1e319f540e9074380e8ca2dc9fb3f65e0cb2d26947037967f48b

    • SSDEEP

      49152:PvyI22SsaNYfdPBldt698dBcjHkrRJ6VbR3LoGdGTHHB72eh2NT:Pvf22SsaNYfdPBldt6+dBcjHkrRJ6n

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks