General

  • Target

    2024-08-06_3a17772d2540ed014741e236f6c30fd9_icedid_poet-rat_quasar-rat_xrat

  • Size

    4.8MB

  • Sample

    240806-awt7ksxdpg

  • MD5

    3a17772d2540ed014741e236f6c30fd9

  • SHA1

    e7c536f209c05680b4a2e123b2e260a2886b84a3

  • SHA256

    1a66aae122d7e5e31e88b8965f39e81933853528172ec885d0fd7250f1b4b1e9

  • SHA512

    7b3fd1e706dddab1a3b1f3d9c49557dae852a31890354d89c46a99ba7c8460676e28a31e306d8901e15dbf748ca7679b535709b758d2df3902d24d74a5f2b210

  • SSDEEP

    98304:u7CuwhYbivr22SsaNYfdPBldt6+dBcjHtKRJ6BjIbzZNIbzZY:enEM7jGI8EK

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

mx5.deitie.asia:4495

Mutex

ebbf737a-dddd-43dd-9b0a-74831302455d

Attributes
  • encryption_key

    F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      2024-08-06_3a17772d2540ed014741e236f6c30fd9_icedid_poet-rat_quasar-rat_xrat

    • Size

      4.8MB

    • MD5

      3a17772d2540ed014741e236f6c30fd9

    • SHA1

      e7c536f209c05680b4a2e123b2e260a2886b84a3

    • SHA256

      1a66aae122d7e5e31e88b8965f39e81933853528172ec885d0fd7250f1b4b1e9

    • SHA512

      7b3fd1e706dddab1a3b1f3d9c49557dae852a31890354d89c46a99ba7c8460676e28a31e306d8901e15dbf748ca7679b535709b758d2df3902d24d74a5f2b210

    • SSDEEP

      98304:u7CuwhYbivr22SsaNYfdPBldt6+dBcjHtKRJ6BjIbzZNIbzZY:enEM7jGI8EK

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks