Overview

overview

10

Static

static

3

2a4751457c...0f.exe

windows7-x64

10

2a4751457c...0f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2a4751457c3ab5125478cfebea685b92046e047dedc07ecb0b32f2d6c6293a0f.exe

  • Size

    3.2MB

  • Sample

    241009-vtpvaszcrm

  • MD5

    0a8cfbcfffa98cb54b6746fec4981101

  • SHA1

    9394653bbd0ca684970c5d482e26a89f60d4e975

  • SHA256

    2a4751457c3ab5125478cfebea685b92046e047dedc07ecb0b32f2d6c6293a0f

  • SHA512

    b6b37161737d582f885bcba9685ad5badc8116e8c46c2f6c888908e6ac44613a85a34cae93915832ac660204fb99dbc23e5b354dfc2b4999d1ca45bb7193753b

  • SSDEEP

    49152:soe3aWG7CWXpqWNSCsaY3CvuNC9RKb0r0OucozUNXFsnlVIE9z:sh3NGOQzd7EeuFb05uF3nl+EV

Score
10/10
quasarlmdiscoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

LM

C2

165.22.194.189:5613

Mutex

2bdefbcb-91d1-48c0-8f2f-5de6eed0f91f

Attributes
  • encryption_key

    CE747EB2D32FE0BCC0E619D8A5C39FA94D35B260

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      2a4751457c3ab5125478cfebea685b92046e047dedc07ecb0b32f2d6c6293a0f.exe

    • Size

      3.2MB

    • MD5

      0a8cfbcfffa98cb54b6746fec4981101

    • SHA1

      9394653bbd0ca684970c5d482e26a89f60d4e975

    • SHA256

      2a4751457c3ab5125478cfebea685b92046e047dedc07ecb0b32f2d6c6293a0f

    • SHA512

      b6b37161737d582f885bcba9685ad5badc8116e8c46c2f6c888908e6ac44613a85a34cae93915832ac660204fb99dbc23e5b354dfc2b4999d1ca45bb7193753b

    • SSDEEP

      49152:soe3aWG7CWXpqWNSCsaY3CvuNC9RKb0r0OucozUNXFsnlVIE9z:sh3NGOQzd7EeuFb05uF3nl+EV

    Score
    10/10
    quasarlmdiscoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks