General

  • Target

    solara.rar

  • Size

    1.0MB

  • Sample

    240802-3l6rvavfpj

  • MD5

    5afdd9d2f1e67b287dbee799bd03f656

  • SHA1

    bd17315a831cb0a17d944d94757766e4128f748d

  • SHA256

    72e98b7008bc9306db84caf8577e00fa8edca0e2fdd473b234b490b16f87ae82

  • SHA512

    fa108b397cffc4e608b7d4ad528804e6befc6c38359fea8f7020060033b221762f1f83c8b29da0885585f31a0827c0003f42f2bd4e954eaa88c817c52a809323

  • SSDEEP

    24576:o7GHERMwusiArUydQ4sS9DrqhbRhgqHAdpHtu0ZUyF:3kRszArRtsS9DrqbzmHtr1F

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.86.42:4782

Mutex

eaedb9b3-efa3-4f4e-8bd1-e6323c15fea8

Attributes

  • encryption_key

    F7A22B1954257A2F04BA3A86C02C0AD9DCBB6415

  • install_name

    NovaRecoil.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    REC

  • subdirectory

    SubDir

Targets

    • Target

      solara.exe

    • Size

      3.1MB

    • MD5

      1bdf6c7fda1c36dab1558b37aeb0d631

    • SHA1

      9f7dc44275ee93dd42a8bffba2fc905c5ea56c24

    • SHA256

      b7871caa008e2b9b56b23b6d9623064e6f773b58e5508b41001d125e29d71956

    • SHA512

      52ddf7ee9b33cbd0fbd0f753cabb32763f2789a42abe995420f6a5d79aa9f841bb3707d088c29c5a9908f7e5c008f69e6f1971d36b2e0baedbe7ab2ac0cce0ce

    • SSDEEP

      49152:evkt62XlaSFNWPjljiFa2RoUYIJCH1JjLoGdskTHHB72eh2NT:ev462XlaSFNWPjljiFXRoUYIJCX

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
