General
Target: ctt.exe
Size: 1018KB
Sample: 241028-w6xw4ssngq
MD5: a9f320e3029b0c53c416b96db522707a
SHA1: 90bc4db1db8aac97be94ab8c35ba6c72ddbfae2d
SHA256: 8babb109a6f8beacac92c1a6d44fab8f7e75004356202b017166caef6ae93664
SHA512: 72a1be6ab09f7a9c5b032e2b042144432981feee2c67a36989b0bda15a446b6b9d078e56c0b368ce99ea0246ae56ab710268d4ac4d5f69ab34de5533f71e7906
SSDEEP: 24576:kbi/QhDC8mY93kyw8hC2A5CxLbRpWrzzZyP4UMdZn6x3AUn://QMnl5YL7WzZyQRdKf

Static task: static1
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet/tag: Office04
C2: 79.16.224.116:4782
Mutex: 7ff8c9b6-9b37-4875-9a37-4ba500934af8
encryption_key: 62BD9AD89C002DC49ECFCB143CD306F73074B7DF
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000 (milliseconds)
startup_key: Quasar Client Startup
subdirectory: SubDir

Notes on the extracted fields: the report lists the first five values without labels; the labels above follow the order of Quasar's client settings (version, tag, host list, mutex). The encryption_key is the password from which the Quasar client derives the AES key that protects its embedded settings; Quasar 1.4 carries the C2 session itself over TLS, so this value does not decrypt network captures. reconnect_delay is in milliseconds, so a client whose server is unreachable retries 79.16.224.116:4782 roughly every 3 seconds, a cadence worth looking for in proxy or firewall logs. startup_key is the name of the Run value the client registers for persistence, and subdirectory plus install_name give the tail of the path the installed copy runs from.
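The extracted configuration converts directly into host and network hunt checks. The script below is an added example written for this page, not the sandbox's or Quasar's own code. The config values are the ones listed above; the Run-key and netstat lines it scans are constructed for illustration, and the assumptions that the installed client sits at <subdirectory>\<install_name> and persists under a Run value named startup_key come from Quasar 1.4's client installer behaviour, not from anything observed in this report.

```python
"""Turn the extracted Quasar config into persistence and beacon checks."""
import json
import re

# Values copied from the report's "Malware Config / Extracted" section.
QUASAR_CONFIG = {
    "version": "1.4.1",
    "tag": "Office04",
    "c2": "79.16.224.116:4782",
    "mutex": "7ff8c9b6-9b37-4875-9a37-4ba500934af8",
    "install_name": "Client.exe",
    "log_directory": "Logs",
    "reconnect_delay_ms": 3000,
    "startup_key": "Quasar Client Startup",
    "subdirectory": "SubDir",
}

# Constructed artefacts standing in for "reg query HKCU\...\Run" and
# "netstat -ano" output from a suspect host; not output of the sandbox run.
RUN_KEY_DUMP = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r'    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r'    Quasar Client Startup    REG_SZ    "C:\Users\alice\AppData\Roaming\SubDir\Client.exe"',
]
NETSTAT_DUMP = [
    "  Proto  Local Address          Foreign Address        State           PID",
    "  TCP    10.0.0.5:49812         79.16.224.116:4782     ESTABLISHED     4120",
    "  TCP    10.0.0.5:49820         13.107.42.14:443       ESTABLISHED     2212",
]

# "<name>  REG_TYPE  <data>" as printed by reg query; value names may contain spaces.
_REG_LINE = re.compile(r"^\s*(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")
# Leading executable path of a Run value's command line, quoted or not.
_EXE_PATH = re.compile(r'"?(?P<path>[^"]*?\.exe)"?', re.IGNORECASE)


def build_indicators(config):
    """Derive the concrete things to look for from the config fields.

    Assumption (Quasar 1.4 installer behaviour, not stated in the report):
    the client copies itself to <install dir>\\<subdirectory>\\<install_name>
    and registers a Run value named startup_key pointing at that path.
    """
    host, port = config["c2"].rsplit(":", 1)
    return {
        "c2_host": host,
        "c2_port": int(port),
        "run_value": config["startup_key"],
        "install_suffix": (config["subdirectory"] + "\\" + config["install_name"]).lower(),
    }


def scan_run_keys(lines, ioc):
    """Flag Run values whose name or target path matches the config."""
    hits = []
    for line in lines:
        m = _REG_LINE.match(line)
        if not m:
            continue
        name, data = m.group("name"), m.group("data")
        exe = _EXE_PATH.match(data)
        path = exe.group("path").lower() if exe else ""
        why = []
        if name == ioc["run_value"]:
            why.append("value name equals startup_key")
        if path.endswith(ioc["install_suffix"]):
            why.append("command path ends in subdirectory\\install_name")
        if why:
            hits.append({"name": name, "path": path, "why": why})
    return hits


def scan_connections(lines, ioc):
    """Flag sockets whose remote host is the configured C2 (any port)."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        remote = parts[2]
        host, _, port = remote.rpartition(":")
        if host == ioc["c2_host"]:
            hits.append({"remote": remote, "port_match": port == str(ioc["c2_port"]),
                         "state": parts[3] if len(parts) > 4 else "", "pid": parts[-1]})
    return hits


def hunt(run_lines, netstat_lines, config=QUASAR_CONFIG):
    ioc = build_indicators(config)
    persistence = scan_run_keys(run_lines, ioc)
    beacons = scan_connections(netstat_lines, ioc)
    return {
        "persistence": persistence,
        "beacons": beacons,
        "infected": bool(persistence or beacons),
        # When the C2 is down the client retries every reconnect_delay ms, so a
        # blocked host shows repeated short-lived connection attempts at this cadence.
        "expected_retry_seconds": config["reconnect_delay_ms"] / 1000,
    }


if __name__ == "__main__":
    print(json.dumps(hunt(RUN_KEY_DUMP, NETSTAT_DUMP), indent=2))
```

Matching on the C2 host rather than host:port is deliberate: a rebuilt client often keeps the server address and changes only the port, and the port_match flag still tells you whether the observed socket agrees with this exact config.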
Targets
Target: ctt.exe (1018KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures matched on this target:
- Quasar family
- Quasar payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2