General

  • Target

    incognito.exe

  • Size

    3.1MB

  • Sample

    240806-pn445sshqb

  • MD5

    4e885e883cb02e14af809a2e8b4807b2

  • SHA1

    61ffdce7aa773657e4e80bec8ae5581973d86f47

  • SHA256

    544f0fca11640d5ee8773de000674d869833b834ae2819e5a9196351fb479c50

  • SHA512

    884fbc32ea58d02a735ddf48ada2e2c9915581ff50679535bbb0d0cada6463b330454c6bbd66f7fee54f07d033b114816feeee527df9197cc87622029336227d

  • SSDEEP

    49152:uvmI22SsaNYfdPBldt698dBcjHK5DGbRcLoGdz2lTHHB72eh2NT:uvr22SsaNYfdPBldt6+dBcjHK5DJD2

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

/gakimyny-40562.portmap.host:4782

Mutex

46e7ef3b-8d62-4396-a1b6-7d8a2353e907

Attributes
  • encryption_key

    4CCD03EE2B3F5EBE1286E32B25E48A9D2C6CC0F5

  • install_name

    incognito.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    CrashHandler

  • subdirectory

    SubDir
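
Added example, not part of the sandbox report and not Quasar's own code: a Python script that turns the config attributes above into host and network indicators and checks a handful of constructed Sysmon-style events against them. The persistence forms follow the Quasar 1.4 client: without admin rights it writes an HKCU Run value named after startup_key, with admin rights it creates a scheduled task of the same name via schtasks; the %APPDATA%\SubDir parent folder is an assumption, since the extracted config does not record which special folder the builder selected. reconnect_delay is in milliseconds. The C2 host sits under portmap.host, a public port-forwarding service, so the hostname is disposable and any connection to *.portmap.host on the configured port is treated as a hit as well. The sample events are constructed, not telemetry captured from this sample.

```python
"""Derive hunt indicators from the Quasar config extracted above and run them
over a few constructed Sysmon-style events (one dict per event)."""
import re

# Values exactly as extracted on this page.
QUASAR_CONFIG = {
    "c2": "/gakimyny-40562.portmap.host:4782",
    "mutex": "46e7ef3b-8d62-4396-a1b6-7d8a2353e907",
    "install_name": "incognito.exe",
    "startup_key": "CrashHandler",
    "subdirectory": "SubDir",
    "log_directory": "Logs",
    "reconnect_delay": 3000,  # milliseconds between reconnect attempts
}

RUN_KEY = r"software\microsoft\windows\currentversion\run"


def parse_c2(c2):
    """Split the C2 field into (host, port); drop the stray leading slash the extractor left on it."""
    host, _, port = c2.strip().lstrip("/").rpartition(":")
    return host.lower(), int(port)


def derive_indicators(cfg):
    """Build the concrete artifacts a Quasar 1.4 install with this config leaves on a host.
    ASSUMPTION: the parent folder is %APPDATA% (the builder default); the extracted
    config above does not state which special folder was chosen."""
    host, port = parse_c2(cfg["c2"])
    path_re = (r"\\AppData\\Roaming\\" + re.escape(cfg["subdirectory"])
               + r"\\" + re.escape(cfg["install_name"]) + r"$")
    return {
        "c2_host": host,
        "c2_port": port,
        "startup_key": cfg["startup_key"],
        "install_path_re": re.compile(path_re, re.IGNORECASE),
        "mutex": cfg["mutex"].lower(),
    }


def match_event(ev, ind):
    """Return the indicator names a single Sysmon event hits (empty list if none)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 13:  # RegistryEvent (Value Set): non-admin install writes HKCU\...\Run\<startup_key>
        key, _, value_name = ev.get("TargetObject", "").rpartition("\\")
        if key.lower().endswith(RUN_KEY) and value_name == ind["startup_key"]:
            hits.append("run_value_name")
        if ind["install_path_re"].search(ev.get("Details", "").strip('"')):
            hits.append("run_value_install_path")
    elif eid == 11:  # FileCreate: the self-copy to <folder>\SubDir\incognito.exe
        if ind["install_path_re"].search(ev.get("TargetFilename", "")):
            hits.append("install_path")
    elif eid == 1:  # ProcessCreate: admin install uses schtasks /tn <startup_key>; also the installed copy running
        cmd = ev.get("CommandLine", "")
        if ev.get("Image", "").lower().endswith("\\schtasks.exe") and re.search(
                r'/tn\s+"?' + re.escape(ind["startup_key"]) + r'"?(\s|$)', cmd, re.IGNORECASE):
            hits.append("schtask_name")
        if ind["install_path_re"].search(ev.get("Image", "")):
            hits.append("install_path_exec")
    elif eid == 3:  # NetworkConnect: the configured C2, or any *.portmap.host on that port
        dst = (ev.get("DestinationHostname") or "").lower()
        if ev.get("DestinationPort") == ind["c2_port"] and (
                dst == ind["c2_host"] or dst.endswith(".portmap.host")):
            hits.append("c2")
    return hits


def scan(events, ind):
    """Return [(event_index, hits)] for every event that hits at least one indicator."""
    out = []
    for i, ev in enumerate(events):
        hits = match_event(ev, ind)
        if hits:
            out.append((i, hits))
    return out


# Constructed sample events (not real telemetry), shaped like Sysmon fields.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\incognito.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\SubDir\incognito.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\incognito.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\CrashHandler",
     "Details": r'"C:\Users\alice\AppData\Roaming\SubDir\incognito.exe"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /tn "CrashHandler" /sc ONLOGON /tr "C:\Users\alice\AppData\Roaming\SubDir\incognito.exe" /rl HIGHEST /f'},
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Roaming\SubDir\incognito.exe",
     "DestinationHostname": "gakimyny-40562.portmap.host", "DestinationPort": 4782},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS, derive_indicators(QUASAR_CONFIG)):
        print(idx, SAMPLE_EVENTS[idx]["EventID"], hits)
```

Run as-is to print the four hits (file copy, Run value, schtasks task, C2 connection); the browser connection to example.com:443 is correctly left alone. To hunt on real hosts, export Sysmon events as JSON with the same field names and pass them to scan(). The mutex GUID is carried in the indicator set for tooling that can enumerate named objects, but Sysmon does not log mutex creation, so no event rule uses it here.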

Targets

    • Target

      incognito.exe

    • Size

      3.1MB

    • MD5

      4e885e883cb02e14af809a2e8b4807b2

    • SHA1

      61ffdce7aa773657e4e80bec8ae5581973d86f47

    • SHA256

      544f0fca11640d5ee8773de000674d869833b834ae2819e5a9196351fb479c50

    • SHA512

      884fbc32ea58d02a735ddf48ada2e2c9915581ff50679535bbb0d0cada6463b330454c6bbd66f7fee54f07d033b114816feeee527df9197cc87622029336227d

    • SSDEEP

      49152:uvmI22SsaNYfdPBldt698dBcjHK5DGbRcLoGdz2lTHHB72eh2NT:uvr22SsaNYfdPBldt6+dBcjHK5DJD2

    • Quasar RAT

      Quasar is an open-source .NET remote access tool (RAT) for Windows.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks