General

  • Target

    429d98e4f83301b513eab17210d91579428ac61e976e0df744d155f7f27f46b0

  • Size

    3.1MB

  • Sample

    240801-ksk5lsscpq

  • MD5

    2a93b7369d5bff945e137add755297dc

  • SHA1

    a43b23f75685dd1033fcaf8a8611c0aeff7cb9c9

  • SHA256

    429d98e4f83301b513eab17210d91579428ac61e976e0df744d155f7f27f46b0

  • SHA512

    a3d0b5ce054f3765f4f074352aea11cad09689201b9759b0ef32f5e3063c3706bb9991ff8de63c172d43db97073f88f9259ef1cb6a1a25c194125c88e0b17a95

  • SSDEEP

    49152:WvXI22SsaNYfdPBldt698dBcjHPFWbCE2CxpmIHLoGOfpTHHB72eh2NT:WvY22SsaNYfdPBldt6+dBcjHtWbCi

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    192.168.8.195:4782

  • Mutex

    f569b663-adac-40e8-9ba7-aa60b6838dad

Attributes
  • encryption_key

    EB173B446A47D9C5ABC3CE2B7C417F5FCEC32402

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

MITRE ATT&CK Enterprise v15

Tasks