General

  • Target

    mielda loco 12.7z

  • Size

    922KB

  • Sample

    241107-v5cn4syqdq

  • MD5

    441486cf8038d2f86fe265e7375390fe

  • SHA1

    a94f83e1bc67bae7ad4088f2e35c80d956715220

  • SHA256

    7939dbc108594835d67accfc36a503b7c1c60d8fd3b0726775d3889ba8cd733f

  • SHA512

    7265b4f98af0a105b4cb5dc1e39f45e6e568f799898f037763dfdb72ff6851a6f66a5fd2f44e19298d9a0bdbf1b7d0938a5b86f187be87cad3d3be2a4bc1d957

  • SSDEEP

    24576:6pdSFVQHYTE3oImE/b5Ug6Te7brnky1ffi:sGVQHYA3wgyg6o3kSfq

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

Cristopher11sa-62565.portmap.host:62565

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes
  • encryption_key

    AEA258EF65BF1786F0F767C0BE2497ECC304C46F

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      mielda loco 12.7z

    • Size

      922KB

    • MD5

      441486cf8038d2f86fe265e7375390fe

    • SHA1

      a94f83e1bc67bae7ad4088f2e35c80d956715220

    • SHA256

      7939dbc108594835d67accfc36a503b7c1c60d8fd3b0726775d3889ba8cd733f

    • SHA512

      7265b4f98af0a105b4cb5dc1e39f45e6e568f799898f037763dfdb72ff6851a6f66a5fd2f44e19298d9a0bdbf1b7d0938a5b86f187be87cad3d3be2a4bc1d957

    • SSDEEP

      24576:6pdSFVQHYTE3oImE/b5Ug6Te7brnky1ffi:sGVQHYA3wgyg6o3kSfq

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks