General
- Target: OptiFine_1.19.4_HD_U_I4.jar
- Size: 6.7MB
- Sample: 241031-hacpeasgjr
- MD5: 2e58bf463ec7e9964fe381a5afc17da1
- SHA1: 40a44c00d4f06ba82e97b8eb71aab3823f4e9d93
- SHA256: 2c010bcae341cf1003c194a4b566a0cb0c8dff2443d2f9fbd9e7a2d9abc8af6a
- SHA512: 94d0673370168322cc6ba5ae7bc9ad5d5c4246aa10f8929239dedc25639255c807c32ea248ee751c42aed9ca61cf37ab391d7d3a9ba57bc643e091c9ef4009d1
- SSDEEP: 98304:+4T54pxq3gbAuFu0Lw6jEKuBj036dh1KyMH9vPMDNgPjDbHA:+4TCxq3gtFuiWKufdh1jA9H7LPg

Static task: static1

Malware Config

Extracted: quasar
- reconnect_delay: 5000

Extracted: quasar
- 1.4.1
- Office04
- 10.127.0.200:4782
- 975d3cc6-ab1f-4679-b834-3e8efe46f975
- encryption_key: 433895AE7B4C5D8EF94D36D167293A1C1914DBFB
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir
Targets
- Quasar family
- Quasar payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory