General

  • Target

    Bootstrapper.rar

  • Size

    1.0MB

  • Sample

    240806-t9m5zathkl

  • MD5

    d9fa5de22e42d5e461b364ea96726a8f

  • SHA1

    ac92043326fec3571c9aac956006eed801a6e999

  • SHA256

    4d1a67cbb466e224e63bb648963c0de048b9fc9af98555a53b663e5e5f3b4695

  • SHA512

    9b851963034d6eac74e3ddd32dd7649649dde0e90a603ac2abb4b67d6445e002d140a7a0667cc3a7f3ac75c070683846e1749d70c54a1b9a36683b8dabf69942

  • SSDEEP

    24576:yF7IDE/sWubWgSC211TB3hJ1bWzTgEC6YRlbVFP704XC7J879x:y5XubWgSC+BBwz0EsbrwUqJ877

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

wefdwef-34180.portmap.host:34180

Mutex

c4be1726-3f86-4f80-bc7c-0779b06ffeeb

Attributes
  • encryption_key

    97BF1FDCF446A7218FA05296FD8D8F0C41A6B1E7

  • install_name

    Bootstrapper.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Spotify

  • subdirectory

    system32

Targets

    • Target

      Bootstrapper.rar

    • Size

      1.0MB

    • MD5

      d9fa5de22e42d5e461b364ea96726a8f

    • SHA1

      ac92043326fec3571c9aac956006eed801a6e999

    • SHA256

      4d1a67cbb466e224e63bb648963c0de048b9fc9af98555a53b663e5e5f3b4695

    • SHA512

      9b851963034d6eac74e3ddd32dd7649649dde0e90a603ac2abb4b67d6445e002d140a7a0667cc3a7f3ac75c070683846e1749d70c54a1b9a36683b8dabf69942

    • SSDEEP

      24576:yF7IDE/sWubWgSC211TB3hJ1bWzTgEC6YRlbVFP704XC7J879x:y5XubWgSC+BBwz0EsbrwUqJ877

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks