General

  • Target

    REFWREFWFERW.exe

  • Size

    3.1MB

  • Sample

    240817-bgk6ssyare

  • MD5

    48bcf3f7f7ed5211153d9a13b314953f

  • SHA1

    1e96a281f60635faa75716ffd3335d11c071a10c

  • SHA256

    d899107c3850793a06f662ab3d72e8a264aad084d1de32fab0dcbde2f6aff825

  • SHA512

    b5ea0313537a6a053d4016f64c0ffd4b8a2f3647bf07030442d34cefdcc04572d576e134a5ae95a2d3942e7da78d0aa281525d02d99d0351cae8dffe06c852a4

  • SSDEEP

    49152:PvTlL26AaNeWgPhlmVqvMQ7XSKOCS11J/moGdvTHHB72eh2NT:PvJL26AaNeWgPhlmVqkQ7XSKOCSI

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

skibidi

C2

147.185.221.21:5176

147.185.221.21:64088

Mutex

48d7feae-7986-4f1b-9452-517641c90050

Attributes
  • encryption_key

    0C9BBAEF09101D90892F662DEEC9776ED5994649

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
