General

  • Target

    2024-11-02_ab3645924d8778ff67010227f5ca5e00_icedid_poet-rat_quasar-rat_xrat

  • Size

    4.8MB

  • Sample

    241102-jcfphs1cqj

  • MD5

    ab3645924d8778ff67010227f5ca5e00

  • SHA1

    1e51f15f3f0b6c44b12eb21e50cfb8886ffd7e8a

  • SHA256

    96c634c1e1c36808ad958b40621d8c7a13c6547ab74a5c9ccb6244a116d78116

  • SHA512

    a6df667e691213fae398a701f083c0011f2d98aff78795aa71ea4b3f94f0781c83d109c889f9ff14f8e729428cdfb07bb235c21d52b0a90cd51be763fea0192d

  • SSDEEP

    98304:8vkNM5qKvr22SsaNYfdPBldt6+dBcjHtKRJ6BgIbzZ2IbzZY:lCM7jGIrXK

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

mx5.deitie.asia:4495

Mutex

ebbf737a-dddd-43dd-9b0a-74831302455d

Attributes
  • encryption_key

    F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      2024-11-02_ab3645924d8778ff67010227f5ca5e00_icedid_poet-rat_quasar-rat_xrat

    • Size

      4.8MB

    • MD5

      ab3645924d8778ff67010227f5ca5e00

    • SHA1

      1e51f15f3f0b6c44b12eb21e50cfb8886ffd7e8a

    • SHA256

      96c634c1e1c36808ad958b40621d8c7a13c6547ab74a5c9ccb6244a116d78116

    • SHA512

      a6df667e691213fae398a701f083c0011f2d98aff78795aa71ea4b3f94f0781c83d109c889f9ff14f8e729428cdfb07bb235c21d52b0a90cd51be763fea0192d

    • SSDEEP

      98304:8vkNM5qKvr22SsaNYfdPBldt6+dBcjHtKRJ6BgIbzZ2IbzZY:lCM7jGIrXK

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks