General

  • Target

    FirefoxSetup115.17.0esr.exe

  • Size

    59.6MB

  • Sample

    241003-l86xpawhlq

  • MD5

    1466dfc56ce12ce27180468c9914634c

  • SHA1

    490bddaf1c12b622cd767256a0cd1b34b3ba33be

  • SHA256

    0ef23f31ae808058df228dc0ad1c342eddaa40036145a06a9803f1b84ecf8851

  • SHA512

    f27ad63d62a1d880c8e32ffab1db2a42413241b0acc5e831b265665fb805f95b0893effc59d5f7607bd049fc2ed62caf689dae83af52badc3898ec5ecb9baa4c

  • SSDEEP

    1572864:P+FUaUyDDP5GMrKEKCkHrGVDlABcG3ehVY9lIvz12FJah/3B:P+FlUQDP5br2ZLGVDqJu/knFJa

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Test

  • C2

    127.0.0.1:4782

  • Mutex

    bd6c3b1d-6aa7-4e42-9f88-ac99d54904d9

Attributes
  • encryption_key

    63667F73F7CDD8FC0A2474F0D1CB5D2D071D6D70

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SystemFile

Targets

    • Target

      FirefoxSetup115.17.0esr.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
