General

  • Target: 4b81e2314fdc8f614dce93135b5fa1d7aa76349b7aab5110afc250c42d49b341
  • Size: 85.4MB
  • Sample: 240817-2enf9a1bph
  • MD5: 896d320133e8e4f2a26d1e40107c998e
  • SHA1: ceae2fc2d9f90ab185ecdb23fa2cfb25be1e856f
  • SHA256: 4b81e2314fdc8f614dce93135b5fa1d7aa76349b7aab5110afc250c42d49b341
  • SHA512: bb4fc5c4e88e23b45db6ed5f07eae55de05f14670221ba4425545e30f8bde655165cf2e03ac6b5d59f67faa82a95cf20c4d8f2dc68a5a67a8be4809b291cfae5
  • SSDEEP: 1572864:lkQKJXn4toEMutTr0/M3wCyoq0JTsfGh9MG/lH5gyA3lAKhQBbZtBs/+sZJ4I:Cz3/bkRAQgfGh9MG/lH5gfPUbxts9

Malware Config

Extracted

Family: quasar

Attributes
  • reconnect_delay: 5000

Targets

    • Target: Licenses/BouncyCastle_license.html
    • Size: 1KB
    • MD5: 56262735cf803b259d4ac97d8738194e
    • SHA1: fe1bdb0ebab0633fd8e1f08751b9d76dbb7176b1
    • SHA256: 87c0b1f542d06c2b393aa8b459ccf96b9bd736c74b3aaf5987c91fcec844efef
    • SHA512: 7a9c5ddfdffc0ef42a609661858db80e568029fb6c226fec3d1e18ed87995a2f6e311d3bc3df2ca6e411d64a88990cb225c8574c9e73ba796915c7eb14c54520
    Score: 3/10

    • Target: Plugins/PlugFileManager/Messages/FileManagerHandler.cs
    • Size: 17KB
    • MD5: 1694fc89dbd6af1aa568ba64d2da1704
    • SHA1: 2cc97f2a26828fae2c1769fc34408e818320b93a
    • SHA256: eebf1e1c82010200e214f9498358e94d793b2ef41ba49bb7c1b9fac0b7608f43
    • SHA512: 968c47088eb195c34802aec783d6261e855f01793c7cc40fcab3d43c76264c0d4119ee3df625be6257fbbab896ae61f713adc62fe646d0f8a454ec88fa7c5507
    • SSDEEP: 192:68pOnvjfufbguIGZXVBbSYFbIEXmLDa5Z7oNIgdQj6y1qTgikp5Pf9kUt2U3:PUDspIUXuLDa5Z4dQAs92O
    Score: 3/10

    • Target: Plugins/PlugFileManager/Networking/Client.cs
    • Size: 22KB
    • MD5: 7493bc4d8e7c79c705e43aec73248682
    • SHA1: a41cc214b85d9d1392520bf2fec3d62261f0adfb
    • SHA256: 9615b8e6b99a3321800869e8b5d88de5eee44e7892bf8c1f8f72555234876da1
    • SHA512: 51bac315cceb1da934751fa321acdac8a0df1b17e55db8e305e191b98993b0d961eb241da805a3e453233b45ccafe85f57829b00bb99d329bccc99a23f0c3d78
    • SSDEEP: 192:3hUGnaVC7qiXIPdp2n5Wf1ENo7Y6MhQX6Np0fu0he1WlHib:RHaliXIPdAnKENo7Z4Qa0fuF1WlH2
    Score: 3/10

    • Target: Plugins/PlugFileManager/Networking/QuasarClient.cs
    • Size: 4KB
    • MD5: 8dc62088dbf6656cc99667e4a23d9656
    • SHA1: cecb92563fd8eb05ed9dc68ed0b70f4693509b4b
    • SHA256: 9730079cd7b6c9bad95543ac2cca4042618a93eb80698b8f648760d7a728b6fc
    • SHA512: 3944b944fcdf5565c68bcbb1e012ffdab7e7b88372e2359fe780366e262332a66e00ced73589b11dc63fa109b06eb6b2a292a8cc8b3979b175e902df5d82838b
    • SSDEEP: 96:goOMVnM/KcKhCWmUP7DAJnLcadYoNb3kX2xK:hnOjm7DAaayYb5K
    Score: 3/10

    • Target: Plugins/PlugFileManager/Packet.cs
    • Size: 3KB
    • MD5: d6e9387a15877a087869ad9d9be8d79c
    • SHA1: 9917d5e10602731b846cc783d81bfc86c4ee6032
    • SHA256: 00abeeb33645cbd1f51a1d511ea4d6a886f760b3ae6176778e036ccb4a53bdc6
    • SHA512: 8d9ef7edb68182342827129a08fe4dc1fe7b3242a8c18d275777c7c82fc710a0086116d0f03e821e111e5306cb7b3f8c17d5214eaba5ebc973382ac3ad090c8f
    Score: 3/10

    • Target: Plugins/PlugFileManager/Plugin.cs
    • Size: 1KB
    • MD5: 9fadc4ad0537d3330249c43d95aeccc4
    • SHA1: 749e9410f36f73962e5146d153e41f9a5b87d633
    • SHA256: 97f7bada92bc7442c702496a3b76ef11468e4c95e23a2c968b91b865485920d5
    • SHA512: b19de130bd072eec63ca0008081425a155a6697c809db9fa44bfd8efb9491dc89ccdf9b6e467bf750f067882fa8aa768e4f33037156b50ea0268cf5cd657e1b1
    Score: 3/10

    • Target: Plugins/PlugFileManager/obj/Debug/PlugFileManager.dll
    • Size: 24KB
    • MD5: 1ecd5831321eb6f0362837b42e3ed765
    • SHA1: 2a1dc1172d9bc7ac4a919642b63c8b3cd06d8eb9
    • SHA256: 12dce25af68aa1b3a368f9a6a140f4c291b9e5af279cbadd4b515bbdda575c80
    • SHA512: 395e318ca5b4c1834bcedf3e4da00b8f1bd8897af08dc5bcfc053a1be986377b78efe5f4df2cfed94f9c348d0d472feb608e0d87582e3f5a91eda44a825169ab
    • SSDEEP: 384:Bk6AgER+YyKcmmpv+tedumZVjHcKxnv1Mw4Ylmz3y2L6G9lCcdc/HFNhO/0M0+hs:XE8Yr7mAtedumZV7niYlm3isl0vU2
    Score: 1/10

    • Target: Plugins/PlugFileManager/obj/Release/PlugFileManager.dll
    • Size: 23KB
    • MD5: cd70c898403f2ec91cbb3aa2a0d188f5
    • SHA1: cb579a3b010ccc28f5533acda93d2cc02a4aff69
    • SHA256: 3fef461c11c9db65474647225d5c4344021a3b3428642fe91b780731388d5d5e
    • SHA512: eb27313698c24853e4297f473a2219f4ba6b03add76260d5b4dd6c7a457c3ae70ce0cf47fc834204759b922387bcdd56cf1c111d9fb6de0433f806fedba53514
    • SSDEEP: 384:mMEhYSa/qKfdQA72FSmKduZbkbNgVBoLhJlvcdl/DIrNUQ70MWmE9:mMEh/iRfdT7oSFgVBoLl9+vB
    Score: 1/10

    • Target: Plugins/PlugRecovery/Helpers/AntiAnalysis.cs
    • Size: 5KB
    • MD5: 3c59e069a57ba5f3424ded01d3deeac1
    • SHA1: 8311b1c3969500afb3e68acffd1ad83b37598744
    • SHA256: bc8fded8cfc0eafbe4c7ca1f511584ea46ada7a4b200c1de9473dc4d35acb6d6
    • SHA512: 1200e0603fac24fdf1d5de986f4c48bb2d603397978430dbecaf42176dea0b29d9e35f87f28c82f788638dee4db46e57cc50544e23df1a99a4c70253be2451a9
    • SSDEEP: 96:JjN26W8MVvMtco3pULQR+VZt5VceagJgdIbHERRSU09xm2toEbD:W/Eio3pUER+vieX8RSU03mIoEf
    Score: 3/10

    • Target: Plugins/PlugRecovery/Helpers/Banking.cs
    • Size: 5KB
    • MD5: 0a9fb73925674332f529a5c00e0d9011
    • SHA1: 290dec1b0347f8cd8ea9861ef23d9f7fcfc4e0ef
    • SHA256: 45fc8be0ff32b7637e5d82cb1d8f7658330612e03b5b064f4be57e06848191c8
    • SHA512: 35da9e079dd88c503602dc8c70da69d251e3a8b1c1e399d117b320b0f220922321c5d2de8ce45d77ae6ead811d8288cb7398c130f2314c7b666863dde01f99a2
    • SSDEEP: 96:Jj4YePIocToM0VZAMc/aEoJlZOEYBjLWfsev4yXd1y18ByPzNR0Ub:iWxKc/ZQlZNYBLWUQXdM18QPzNR0Ub
    Score: 3/10

    • Target: Plugins/PlugRecovery/Helpers/Filemanager.cs
    • Size: 2KB
    • MD5: a44095339b21a375d40086beb445de66
    • SHA1: 8f29dad644d26e00260b5b4a542c47e320766e90
    • SHA256: 487f389cd70c20028d68a4875cd2c666e60741013415e9563552090a19bf44f9
    • SHA512: e398e05941e2b63abfc0d2dcefe834449a8732e5840e9906e3fc41b79f3aea81234aae02b1da0e37ad42bf1caf2c77820a56aae1d0c759e22b9affbb71071859
    Score: 3/10

    • Target: Plugins/PlugRecovery/Helpers/Logging.cs
    • Size: 901B
    • MD5: ce836eee5f83b5dabd4310a1998688b8
    • SHA1: 07648085542cd87826d0238e52e4cdbe135ecfd2
    • SHA256: dfedbfd8b73cf9a80d3b5361328a729a32c210826195c9c0c103b5e1db6d966b
    • SHA512: a47766a8d8fcc89843e3bd9d2fee1178d5a9975f04d11a704c2ba5845bd8ca0db927d0a592ae408d57a204e4bdbc0d131ada1fa2f82513d7294360f21608edfe
    Score: 3/10

    • Target: Plugins/PlugRecovery/Helpers/Paths.cs
    • Size: 10KB
    • MD5: 4e5f743f5c2667daa01fc94bd6d04fa2
    • SHA1: 2b831e6b74bc79d55151da21518a0bc4dbfd65b5
    • SHA256: 054c8b72dfee0c680a11bd43db783c8d337b5fcdcb1aa6a679c9c90697e7eaa4
    • SHA512: 0efcc47a9c33aca2ccc351e30a4e57025579049f25c2433f7208c5049ecc74f6a088ffb29101c5fd3b72ae4774881caf5076903ab180d071de8993bd6993e10a
    • SSDEEP: 192:9qPOnllcHvMf6Tkg6Vxg9J/U+oRi8MRKWQUXQ+4Mb:sBkypcWH/UK8MRBP4+
    Score: 3/10

    • Target: Plugins/PlugRecovery/Helpers/Report.cs
    • Size: 7KB
    • MD5: 3f8fe700ea60886e0ad41c5b93f8d971
    • SHA1: 2c233c27b0e5a5cbc16e5c39f920550be52edc2b
    • SHA256: db66be87ac9ef5904d6c9c7e7681db589dcf706959cebc00132a2704e4141652
    • SHA512: dfe8d22ce91976c7d9a2e9f04a515ac0a5bf4c381618a1ae9d83186fd0a6393a6c5d8ac15425053e03ec574f88f025d3eb9f47c206eb2fb91373c600c2bfe4dd
    • SSDEEP: 192:i2ki3KMO+pOy5SOTOPOkEOcOqOcOU3OhOlOFO8dOz6O3O7OBOROHO91MRUOAOHI4:i2PktMKWkdV/V7sQw8IzPeSMcu9qPRGS
    Score: 3/10

    • Target: Plugins/PlugRecovery/Helpers/SQLite.cs
    • Size: 18KB
    • MD5: 97b223061e95ffe5089da1a687026d84
    • SHA1: 1884de3b0d5eb9cfa32f8569db3762389b1c5889
    • SHA256: fcb788540955e0dafdaae6b22fb811d535c21996c9f9a404c352d565b7ff249c
    • SHA512: 49eaeb9021a7c8a25b1676d763ee54d61e6fc2abfadafc99ebf20e0004565aeeff35f73528ce49dd3944849166fb29c98d5e4c1238d69bdf0723b999d52837f4
    • SSDEEP: 384:iAN9AA8zm8Ab8xAIYWl9dX6OwdlFq1FYYFRN0mTZRH3:iAN9AA8zm8Ab8xAIYWl9dX6OwdfqPYon
    Score: 3/10

    • Target: Plugins/PlugRecovery/Helpers/SqlReader.cs
    • Size: 776B
    • MD5: 2ec892a22f5b716be7aa5faf4d896e3f
    • SHA1: 5f5f75e9d28e0beeccfcd350101f50d7898108d7
    • SHA256: 0d357e56aab508d67a758db2586f4c2f3fa0e466724e364ae4c90dace563c985
    • SHA512: 4151673f0ad6857b177cc6f0a634d2c04383bda194c16e4c07938630e13c20df5642e5fe82f443c6ad6ddde272efbf34561660a5e183ee11ea97eee23ce6b22e
    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks

static1: quasar, Score 10/10
behavioral1: discovery, Score 3/10
behavioral2: discovery, Score 3/10
behavioral3: execution, Score 3/10
behavioral4: execution, Score 3/10
behavioral5: execution, Score 3/10
behavioral6: execution, Score 3/10
behavioral7: execution, Score 3/10
behavioral8: execution, Score 3/10
behavioral9: execution, Score 3/10
behavioral10: execution, Score 3/10
behavioral11: execution, Score 3/10
behavioral12: execution, Score 3/10
behavioral13: Score 1/10
behavioral14: Score 1/10
behavioral15: Score 1/10
behavioral16: Score 1/10
behavioral17: execution, Score 3/10
behavioral18: execution, Score 3/10
behavioral19: execution, Score 3/10
behavioral20: execution, Score 3/10
behavioral21: execution, Score 3/10
behavioral22: execution, Score 3/10
behavioral23: execution, Score 3/10
behavioral24: execution, Score 3/10
behavioral25: execution, Score 3/10
behavioral26: execution, Score 3/10
behavioral27: execution, Score 3/10
behavioral28: execution, Score 3/10
behavioral29: execution, Score 3/10
behavioral30: execution, Score 3/10
behavioral31: execution, Score 3/10
behavioral32: execution, Score 3/10