General

  • Target

    nitro gen.sfx.exe

  • Size

    1.4MB

  • Sample

    240801-dxy4pszajp

  • MD5

    463190548a0b924375fea732967d2dcf

  • SHA1

    f4c69c752671f7466b9c60023ecbbb61dc264998

  • SHA256

    bd0a7542a724d699799858acaf694cbfc2f281fa8bb0641698d23bdc5454dc38

  • SHA512

    b1cad73fd8282b25045a762780cbcaa5a522e458dd86135be91d4f9a42240de0ffa883f951f5d32d184a7b7323b0fea939400d7c5d49a24d0c530ce65b59a0a2

  • SSDEEP

    24576:xuDXTIGaPhEYzUzA0/0gqmW7NKGNHUJQ3UP4A4hJNuLMeqQVCJlT:kDjlabwz9Mm0UuW4RvwdqQ6T

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    fauhfuhfdrga-54679.portmap.host:54679

  • Mutex

    6ab6e759-61c1-415f-aa2e-b5aa5487acb9

Attributes

  • encryption_key

    EB75A1B85E642DFE711921DF85E99E6D4BC6CC19

  • install_name

    nitro gen.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    windows Startup

  • subdirectory

    SubDir

Targets

    • Target

      nitro gen.sfx.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
