Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/S...

windows10-2004-x64

10

https://github.com/S...

windows11-21h2-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://github.com/SoftwarePixel/Rune/releases/download/latest/RUNE_CE.zip

  • Sample

    240823-xwb3bs1fla

Score
10/10
quasarrune cediscoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Rune CE

C2

rune.ddns.net:4782

Mutex

41a40556-c751-41a4-bb4f-2137f4333dcb

Attributes
  • encryption_key

    CE3A02BEBA7F955E1059F0AE4AAC52DB5AD303EB

  • install_name

    Rune_CE.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Rune_CE

  • subdirectory

    SubDir

Targets

    • Target

      https://github.com/SoftwarePixel/Rune/releases/download/latest/RUNE_CE.zip

    Score
    10/10
    quasarrune cediscoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks