General

Target: dddf4ec4d813131cd65ab7386154db7ed9d63ce84e4704a5532e7aa22e624c58.exe
Size: 2.2MB
Sample: 241107-dwr9rswrcp
MD5: cf118a2c4586551e6eae18e41b52842a
SHA1: 4e3518b74b2ae236777986f27d45d8d70358256e
SHA256: dddf4ec4d813131cd65ab7386154db7ed9d63ce84e4704a5532e7aa22e624c58
SHA512: 121276892dda96e7e67416ead523c6fe3bfb7f32d6a24d3b7a494bfe82be03430010907d8ba8eb0c4eb5248f958ee489788c32d2295f190ee3b6502c3358a8d3
SSDEEP: 49152:a7ptnb2Lrccd46i8IfuCnAaYMXmJR1CfWmO9xbHRFV8HU:o92L+6i8IAZJ6+zDx/m
Static task: static1

Behavioral task: behavioral1
Sample: dddf4ec4d813131cd65ab7386154db7ed9d63ce84e4704a5532e7aa22e624c58.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: dddf4ec4d813131cd65ab7386154db7ed9d63ce84e4704a5532e7aa22e624c58.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: quasar
Version: 1.4.1
Botnet (tag): CHING-CHONG
C2: goooooooool.com:1337
Mutex: 771ac64-b9299-43dc-b9229-3a828da05
encryption_key: 1FBC2542A1A2F356C726019FD7BD6FEA628A4E1A
install_name: shellhost.exe
log_directory: syslogs
reconnect_delay: 3333
startup_key: ShellHost
subdirectory: Code
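The script below is an added example; it is not part of the sandbox report and not Quasar's own code. It takes the extracted config above, derives the host and network artifacts those fields imply (the C2 endpoint, the Run-key value name used for persistence, the dropped client path, the keylogger log folder and the mutex) and matches them against a handful of constructed telemetry events. The field-to-artifact mapping follows Quasar's client settings; the install base folder (%APPDATA%) and the shape of the events are assumptions made for the example.

```python
"""Turn the Quasar config extracted above into indicators and hunt for them
in sample telemetry.  Added example, not part of the sandbox report."""

# Values copied from the report's "Malware Config" section.
CONFIG = {
    "version": "1.4.1",
    "tag": "CHING-CHONG",
    "c2": "goooooooool.com:1337",
    "mutex": "771ac64-b9299-43dc-b9229-3a828da05",
    "encryption_key": "1FBC2542A1A2F356C726019FD7BD6FEA628A4E1A",
    "install_name": "shellhost.exe",
    "log_directory": "syslogs",
    "reconnect_delay": 3333,   # milliseconds between reconnect attempts
    "startup_key": "ShellHost",
    "subdirectory": "Code",
}


def indicators(cfg: dict) -> dict:
    """Map config fields to the artifacts the client leaves on a host.

    Quasar copies itself to <install folder>\\<subdirectory>\\<install_name>
    and persists with a Run-key value named startup_key; log_directory is the
    folder its keylogger writes into.  The base folder itself is not in the
    report, so matching is done on path suffixes rather than full paths."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        "run_value": cfg["startup_key"],
        "dropped_path_suffix": (cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        "log_dir": cfg["log_directory"].lower(),
    }


def match_event(ev: dict, ind: dict):
    """Return a reason string if the event matches this config, else None."""
    kind = ev["type"]
    if kind == "net":
        if ev["dst"].lower() == ind["c2_host"] and ev["port"] == ind["c2_port"]:
            return "connection to configured C2"
    elif kind == "reg":
        if ev["key"].lower().endswith("\\currentversion\\run") and ev["value"] == ind["run_value"]:
            return "Run-key persistence value " + ind["run_value"]
    elif kind == "file":
        path = ev["path"].lower()
        if path.endswith(ind["dropped_path_suffix"]):
            return "dropped client " + ind["dropped_path_suffix"]
        if "\\" + ind["log_dir"] + "\\" in path:
            return "write into keylogger log directory " + ind["log_dir"]
    elif kind == "mutex":
        if ev["name"] == ind["mutex"]:
            return "configured mutex created"
    return None


def hunt(events: list, cfg: dict = CONFIG) -> list:
    """Return (event index, reason) for every event that matches the config."""
    ind = indicators(cfg)
    hits = []
    for i, ev in enumerate(events):
        reason = match_event(ev, ind)
        if reason:
            hits.append((i, reason))
    return hits


# Constructed sample telemetry (hypothetical host "alice"); the %APPDATA%
# install location is an assumption, as noted above.
SAMPLE_EVENTS = [
    {"type": "net", "dst": "goooooooool.com", "port": 1337},
    {"type": "net", "dst": "goooooooool.com", "port": 443},          # wrong port, no hit
    {"type": "reg", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "ShellHost", "data": "C:\\Users\\alice\\AppData\\Roaming\\Code\\shellhost.exe"},
    {"type": "reg", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "OneDrive", "data": "C:\\Users\\alice\\AppData\\Local\\OneDrive.exe"},
    {"type": "file", "path": "C:\\Users\\alice\\AppData\\Roaming\\Code\\shellhost.exe"},
    {"type": "file", "path": "C:\\Users\\alice\\AppData\\Roaming\\syslogs\\2024-11-07.txt"},
    {"type": "mutex", "name": "771ac64-b9299-43dc-b9229-3a828da05"},
    {"type": "file", "path": "C:\\Windows\\System32\\svchost.exe"},  # benign, no hit
]

if __name__ == "__main__":
    for i, reason in hunt(SAMPLE_EVENTS):
        print(f"event {i}: {reason} -> {SAMPLE_EVENTS[i]}")
```

Note that install_name and subdirectory are matched case-insensitively as a path suffix because the report does not give the install folder, and that encryption_key and reconnect_delay are carried along but not matched: the key only matters for decrypting the client's traffic, and the 3333 ms delay is a cadence hint for network hunting rather than a direct indicator.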
Targets

Target: dddf4ec4d813131cd65ab7386154db7ed9d63ce84e4704a5532e7aa22e624c58.exe
Score: 10/10

Signatures:
- Quasar family
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext