General
-
Target
skibidirat.exe
-
Size
3.1MB
-
Sample
240805-jzq4rs1blm
-
MD5
797c5548befc52f7b0dbedc8e6172184
-
SHA1
05e5fd623d589e9790e648348f05e317d926b8c4
-
SHA256
62e9fdaaf90da01ef28a26823e3442d73b93dc0e23d93139df631701cf6da260
-
SHA512
2ed20953b97ae2a2dfad7735dcef327f69cd08e9d2acaefd7a23dec0890463dd5a97c5cb1fb54634a052613b55752fc3ce624939dd89ef85bcdae5d46a19e0b5
-
SSDEEP
49152:xHobtR1o2PmNXo7WCr5Ft4Rw8FcXrYd+THHB72eh2NT:xHmRvmNXo7WCr5+w8A
Malware Config
Extracted
quasar
1.4.1
Office04
147.185.221.18:42996
147.185.221.18:1770
c2e1b18a-ce93-436d-ad8b-21bf89015e19
-
encryption_key
9E968F05BD874BA1BE086FD1774A027473823F49
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
skibidirat.exe
-
Size
3.1MB
-
MD5
797c5548befc52f7b0dbedc8e6172184
-
SHA1
05e5fd623d589e9790e648348f05e317d926b8c4
-
SHA256
62e9fdaaf90da01ef28a26823e3442d73b93dc0e23d93139df631701cf6da260
-
SHA512
2ed20953b97ae2a2dfad7735dcef327f69cd08e9d2acaefd7a23dec0890463dd5a97c5cb1fb54634a052613b55752fc3ce624939dd89ef85bcdae5d46a19e0b5
-
SSDEEP
49152:xHobtR1o2PmNXo7WCr5Ft4Rw8FcXrYd+THHB72eh2NT:xHmRvmNXo7WCr5+w8A
-
Quasar payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1