quasar | 94107620a62b75308841e6c0843ab729ea669c1ef3093d3269d7c441a4f96d58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94107620a62b75308841e6c0843ab729ea669c1ef3093d3269d7c441a4f96d58
Size

9.8MB
Sample

240811-r9v5gaydlf
MD5

c8226ceeb833b1c47bda8f66746f513c
SHA1

018eab0b538d6db42a93892e5dd83c91ed1e2a23
SHA256

94107620a62b75308841e6c0843ab729ea669c1ef3093d3269d7c441a4f96d58
SHA512

24cc1424af10b0173c74dbb8615550889de088d1415201bdba87063d72270f791a76c114316e8c7b66153750ffcfa68b0ec4c03f2dcf5bbdc018ad034f1e7104
SSDEEP

196608:zij47vx2ClMxh8ZJ3kWEI8wW3oyfslEwH83NH0UVl49FxSdKW2MElUmQ1:CQvTbZJ3kCo3XCE+g+UA9jGKW2dUh1

Score

10^/10

quasar new discovery

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

new

C2

caidume1368.ddns.net:8848

Mutex

QSR_MUTEX_R0hgbF7yLuRhg3Rgzz

Attributes

encryption_key
biBX9ViJeqb7RvdyQ0zK
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
QQQQQ
subdirectory
SubDir

Targets

- Target
  
  94107620a62b75308841e6c0843ab729ea669c1ef3093d3269d7c441a4f96d58
- Size
  
  9.8MB
- MD5
  
  c8226ceeb833b1c47bda8f66746f513c
- SHA1
  
  018eab0b538d6db42a93892e5dd83c91ed1e2a23
- SHA256
  
  94107620a62b75308841e6c0843ab729ea669c1ef3093d3269d7c441a4f96d58
- SHA512
  
  24cc1424af10b0173c74dbb8615550889de088d1415201bdba87063d72270f791a76c114316e8c7b66153750ffcfa68b0ec4c03f2dcf5bbdc018ad034f1e7104
- SSDEEP
  
  196608:zij47vx2ClMxh8ZJ3kWEI8wW3oyfslEwH83NH0UVl49FxSdKW2MElUmQ1:CQvTbZJ3kCo3XCE+g+UA9jGKW2dUh1
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2