General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
quasar
1.4.1
Office04
45.200.148.197:8080
b24e0ed5-7881-48ee-84be-d87223f56093
-
encryption_key
561A2408C473BBAB7B3AD5B4005F5481E98E07AC
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Extracted
quasar
1.4.1
1
microsoft-visualstudiocode.com:7000
b87d629c-e061-458a-aab7-6a7d3810225a
-
encryption_key
608C2EF7FA3C5E6905B737821BA5F1BF71A72757
-
install_name
Client.exe
-
log_directory
winkey
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
https://filebin.net/pb7xg4p9kwa3p0ss
-
Quasar payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Indicator Removal: Clear Windows Event Logs
Clear Windows Event Logs to hide the activity of an intrusion.
-
Loads dropped DLL
-
Modifies file permissions
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Indicator Removal
2Clear Windows Event Logs
1File Deletion
1Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1