General

  • Target

    Patch.exe

  • Size

    3.1MB

  • Sample

    241025-bdmkfszfll

  • MD5

    1af4fedafce801a5dcbe6903f9a6a568

  • SHA1

    eb52378e958367855e92c7517c731286e6b0cc3d

  • SHA256

    a06b7945984979ca96b6f569cdee5cf9912ec64f87929aa6aa79353ed893230a

  • SHA512

    20799549de0b85c1690984ee9221c46b7bdc28239b36183646d8ed360bde2d2718a827c394b09482be008eb457eb08bb6562338dbdc2e93351064230fbe831ab

  • SSDEEP

    49152:2vBt62XlaSFNWPjljiFa2RoUYIOCRJ62bR3LoGdhLzTHHB72eh2NT:2vr62XlaSFNWPjljiFXRoUYIOCRJ6w

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

2.tcp.us-cal-1.ngrok.io:14537

Mutex

0f60b981-1a45-472b-acf2-32d2fa49956b

Attributes
  • encryption_key

    B3CE4ADBCFC896D87D5632035EB0E3D075AB14F9

  • install_name

    LOGI_INT.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    LOGI_INT

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open-source .NET remote access tool (RAT). Each client build carries an embedded configuration (C2 endpoint, mutex, install name, startup key, encryption key), which is the data shown in the Malware Config section above.

    • Quasar payload

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2 (the C2 is an ngrok TCP tunnel, 2.tcp.us-cal-1.ngrok.io:14537; the operator's real endpoint sits behind ngrok, and the tunnel address can change when it is re-provisioned, so the hostname and port are weak indicators on their own)

    • Drops file in System32 directory (consistent with the config's install_name LOGI_INT.exe and subdirectory SubDir being written under the system directory, which requires an elevated process)
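
Turning the extracted config and the signature hits above into hunting logic, as an added example that is not part of this sandbox report: the indicator values are taken from the Malware Config section, while the Sysmon-style event dictionaries and the sample events are constructed for illustration. The install directory (System32\SubDir) is inferred from the "Drops file in System32 directory" signature rather than stated in the config, so the path check matches only on the subdirectory and file name. The ngrok pattern deliberately generalises beyond this one tunnel address, since re-provisioned tunnels get new host/port pairs.

```python
"""Hunt constructed endpoint/network events for the Quasar RAT sample above.

Added example, not part of the sandbox report. Indicator values come from the
extracted Quasar 1.4.1 config on the page; event shape and sample events are
constructed (Sysmon-like dicts) for illustration.
"""
import re
from collections import defaultdict

# Indicators taken verbatim from the extracted config.
C2_HOST, C2_PORT = "2.tcp.us-cal-1.ngrok.io", 14537
MUTEX = "0f60b981-1a45-472b-acf2-32d2fa49956b"
INSTALL_NAME = "LOGI_INT.exe"
SUBDIRECTORY = "SubDir"
STARTUP_KEY = "LOGI_INT"
SAMPLE_SHA256 = "a06b7945984979ca96b6f569cdee5cf9912ec64f87929aa6aa79353ed893230a"

# Generic: any ngrok TCP tunnel endpoint, e.g. 0.tcp.ngrok.io or
# 2.tcp.us-cal-1.ngrok.io, so a re-provisioned tunnel still fires.
NGROK_TCP_RE = re.compile(r"^\d+\.tcp(?:\.[a-z0-9-]+)?\.ngrok\.io$", re.I)
# Generic: a value written under a Run key (HKCU or HKLM); group 1 = value name.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\([^\\]+)$", re.I)


def check_event(ev):
    """Return the list of indicator tags that fire on one event dict."""
    tags = []
    kind = ev.get("event")

    if kind in ("dns_query", "network_connect"):
        host = ev.get("host", "")
        if NGROK_TCP_RE.match(host):
            tags.append("ngrok_tcp_tunnel")        # hosting service abused for C2
        # DNS events carry no port, so only network_connect can mismatch it.
        if host.lower() == C2_HOST and ev.get("port", C2_PORT) == C2_PORT:
            tags.append("quasar_c2_endpoint")      # exact C2 from the config

    elif kind == "registry_set":
        m = RUN_KEY_RE.search(ev.get("target", ""))
        if m:
            tags.append("run_key_persistence")     # generic autostart write
            if m.group(1).lower() == STARTUP_KEY.lower():
                tags.append("quasar_startup_key")
        # Install root (System32 per the signature) is not in the config:
        # match on the trailing "\SubDir\LOGI_INT.exe" only.
        tail = ("\\" + SUBDIRECTORY + "\\" + INSTALL_NAME).lower()
        if ev.get("details", "").lower().endswith(tail):
            tags.append("quasar_install_path")

    elif kind in ("process_create", "file_create"):
        image = ev.get("image", "")
        if image.rsplit("\\", 1)[-1].lower() == INSTALL_NAME.lower():
            tags.append("quasar_install_name")
        if ev.get("sha256", "").lower() == SAMPLE_SHA256:
            tags.append("known_sample_hash")

    elif kind == "mutex_create":
        if ev.get("name", "").lower() == MUTEX:
            tags.append("quasar_mutex")

    return tags


def hunt(events):
    """Tag every event; map each indicator to the hosts it fired on."""
    hits = defaultdict(list)
    for ev in events:
        for tag in check_event(ev):
            hits[tag].append(ev.get("computer", "?"))
    return dict(hits)


# Constructed sample telemetry: one infected host (WS01) plus benign noise (WS02).
SAMPLE_EVENTS = [
    {"event": "process_create", "computer": "WS01",
     "image": "C:\\Users\\u\\Downloads\\Patch.exe", "sha256": SAMPLE_SHA256},
    {"event": "file_create", "computer": "WS01",
     "image": "C:\\Windows\\System32\\SubDir\\LOGI_INT.exe"},
    {"event": "registry_set", "computer": "WS01",
     "target": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\LOGI_INT",
     "details": "C:\\Windows\\System32\\SubDir\\LOGI_INT.exe"},
    {"event": "mutex_create", "computer": "WS01", "name": MUTEX},
    {"event": "dns_query", "computer": "WS01", "host": "2.tcp.us-cal-1.ngrok.io"},
    {"event": "network_connect", "computer": "WS01",
     "host": "2.tcp.us-cal-1.ngrok.io", "port": 14537},
    {"event": "registry_set", "computer": "WS02",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "details": "C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"},
    {"event": "dns_query", "computer": "WS02", "host": "www.example.com"},
]

if __name__ == "__main__":
    for tag, hosts in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{tag:22s} {sorted(set(hosts))}")
```

The generic tags (ngrok_tcp_tunnel, run_key_persistence) are meant for triage rather than blocking: the OneDrive event shows a legitimate Run write firing the generic tag without any Quasar-specific tag, which is the signal to look for a second corroborating indicator before acting.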

MITRE ATT&CK Enterprise v15