General

  • Target

    incognito.exe

  • Size

    3.1MB

  • Sample

    240806-pa3ddssfjh

  • MD5

    b77974010936f4479bf1cf760a4aa5d7

  • SHA1

    07c90a99919bd4febfff9a943a610cf810cea5ae

  • SHA256

    2cbde10dd87ea27ad229cc4d170de1aef0a35b24625a8a2fbba56752f5f7ea26

  • SHA512

    aa6ed9a296f3d144645d22ff86eb436623a3303de5efb249af3367de11957c4a08dc77882e8bca8c86a661eeedfe17ddb417eddd1255ce27dc2c58a47296ee3c

  • SSDEEP

    49152:HvrI22SsaNYfdPBldt698dBcjH26RJ6GbR3LoGdgBETHHB72eh2NT:HvU22SsaNYfdPBldt6+dBcjH26RJ6AY

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    gakimyny-40562.portmap.host:40562

  • Mutex

    3190392e-398a-49b5-b000-b1f2ad7b563e

  • Attributes

    • encryption_key

      C82052C6AA81D4430841915516E777F1172AA1B4

    • install_name

      incognito.exe

    • log_directory

      Logs

    • reconnect_delay

      3000

    • startup_key

      JavaUpdater

    • subdirectory

      SubDir

Targets

    • Target

      incognito.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks