General
-
Target
e7b175e7b4e579fe314e56c1a195a937c0e7780fbc0f3def13b7dae08560000f.exe
-
Size
491KB
-
Sample
240821-nhmr8szakk
-
MD5
fcc248bdb9b56bdd926a13bbff61fadd
-
SHA1
45bf684e6add3acf6fd8b3e8f6e923195f7994d7
-
SHA256
e7b175e7b4e579fe314e56c1a195a937c0e7780fbc0f3def13b7dae08560000f
-
SHA512
b02fdae03adbee721d853053a95bea188b5453f0d270c71fe9a613bbb40f0c9d4e4e57a8d8eab117316ada9cde45223171f89c2e05a8a4fe7254b884ad3e731c
-
SSDEEP
12288:kK0rI0JwBzjDtVqGcrX4vLH2mTMGG5D8ajXBnGBF5XlXJZSo:f0XGvDtVqGkX4vz/ID8ajXByXlXJZ
Malware Config
Extracted
quasar
1.3.0.0
Moasa
neji.w0rld.ga:7777
DerPeeekshsaPjTQXfNVygAvPX
-
encryption_key
3xF1E8vK84C8qCe7p0kkroBeQvMxMIry
-
install_name
Client.exe
-
log_directory
Harsh
-
reconnect_delay
2000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
e7b175e7b4e579fe314e56c1a195a937c0e7780fbc0f3def13b7dae08560000f.exe
-
Size
491KB
-
MD5
fcc248bdb9b56bdd926a13bbff61fadd
-
SHA1
45bf684e6add3acf6fd8b3e8f6e923195f7994d7
-
SHA256
e7b175e7b4e579fe314e56c1a195a937c0e7780fbc0f3def13b7dae08560000f
-
SHA512
b02fdae03adbee721d853053a95bea188b5453f0d270c71fe9a613bbb40f0c9d4e4e57a8d8eab117316ada9cde45223171f89c2e05a8a4fe7254b884ad3e731c
-
SSDEEP
12288:kK0rI0JwBzjDtVqGcrX4vLH2mTMGG5D8ajXBnGBF5XlXJZSo:f0XGvDtVqGkX4vz/ID8ajXByXlXJZ
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-