General

  • Target

    ⭐️LITHIUM NUKER V4⭐️.rar

  • Size

    1.0MB

  • Sample

    240802-wtke9avaln

  • MD5

    76da998735659b133ca0e58344e8f7fb

  • SHA1

    b682cb1f28b8f4aad7f84bbca20bb863629e0060

  • SHA256

    6e74255e85cfaeb1ac6527eaa2646bfe6007d95b799becad38f7e7be7716e1d8

  • SHA512

    688acc0023b5fff613f9fb53cc8ad13e0ddfc7c27864b1861083036a35693026891579e39fea3e24509dd28940a5ebad25ddc2b4d2a0058c0bf4e33822e325ac

  • SSDEEP

    24576:Wg+dXmi23K3JFInXj6wkBYPrjxAbadhT48sTZdBVPGJgRt:IRm+3JF6GYTuba7K9feg/

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.51:4782

Mutex

b83cbaf1-3ce5-43f8-a42a-f845d8ef5467

Attributes
  • encryption_key

    7F14878C24A186BCD9E69BFA124C76DC41F0C9A7

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Nuke Loader.exe

    • Size

      3.1MB

    • MD5

      ed675e5b50992702716b65c5b15bd2ee

    • SHA1

      2463edfe3d1667933aa2676876f4ac766450ff90

    • SHA256

      c4b6a54ec0f46c8c0df7d9f5f010c10c66ec23378b4548727fbfa2b3080ebf56

    • SHA512

      7747767ebb54a2973bde62e41e823588b9bde30d3d6e7648827b224d085daaff10a65a6b71a97c58d4c53f37e1a111587fe5834ac8168779bcdb4e4e266ef44b

    • SSDEEP

      49152:3vnI22SsaNYfdPBldt698dBcjHdDRJ6tbR3LoGdkTHHB72eh2NT:3vI22SsaNYfdPBldt6+dBcjHdDRJ6/

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks