General

  • Target: Discord.exe
  • Size: 3.4MB
  • Sample: 241027-wby6pa1dlm
  • MD5: 10c1f09bc3622fd5731fd59c9ee9f364
  • SHA1: 2810179bd17f36d4bfc8bcb8a6e5550364add546
  • SHA256: bb1e3ab96fc200f8a2e2392e50d49ed07f79685feb952a7f763e9bd39ed9f95d
  • SHA512: 59b74e02b05da0388873f421b61d6a7bbe4a0c451309dd7d73ee3fb45cb9ed473097810188f26af2900213580ee41f923ad69c59e4ffca4517c548651c011a15
  • SSDEEP: 49152:ZvLe821/aQWl8P0lSk3aKA3Z+ncKFhQoGdITHHB72eh2NT:Zvq821/aQWl8P0lSk3DA3Z+ncKFW

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Discord
  • C2: 192.168.0.21:4782
  • Mutex: 6848d73c-338e-4d72-b4ed-98b57a48ac11

Attributes

  • encryption_key: A8DD1D22E5D9A23DED8DD538404A72125636D367
  • install_name: Discord.exe
  • log_directory: 89jfidsfu9032jr-94302ujfidshf903-90ds8ahf03892yr-8d90saudaisuh023
  • reconnect_delay: 3000
  • startup_key: Discord
  • subdirectory: Update

Targets

    • Quasar RAT: Quasar is an open source Remote Access Tool.
    • Quasar family
    • Quasar payload
    • Executes dropped EXE
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks