General
-
Target
67d3bd519670a3a0fdcb3b30b0e143e73225cf561d2448a92e8e9378e989ac86.bat
-
Size
535KB
-
Sample
241111-cz94ba1alq
-
MD5
b9e1a4ea5f3b3fd0b0394183365edf8b
-
SHA1
79bec6a406682c1385ba71a62e70b5744de0fb76
-
SHA256
67d3bd519670a3a0fdcb3b30b0e143e73225cf561d2448a92e8e9378e989ac86
-
SHA512
132bcd79be79e2b2fb6319d25f9ae89fc8bda65c9872792181b270cd31ad43998c1a34319e9d2f66e7bf3f035428231644d3c253e6eb1ae30095b64a702cf969
-
SSDEEP
12288:jdnWhmK+sUu8PzDo84iBk1XZq51gzyqS996PxMdGos+Rcxdj:9WhmFsJ848Zk9KyMdGL+Y5
Static task
static1
Behavioral task
behavioral1
Sample
67d3bd519670a3a0fdcb3b30b0e143e73225cf561d2448a92e8e9378e989ac86.bat
Resource
win7-20241010-en
Malware Config
Extracted
quasar
1.4.1
Office04
walkout.ddnsgeek.com:8080
27391f85-a482-471a-b2cd-1f8ab5bde32e
-
encryption_key
6469F8C5BA9A2CFDCF4A3F1651D1E92DBEA41117
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
67d3bd519670a3a0fdcb3b30b0e143e73225cf561d2448a92e8e9378e989ac86.bat
-
Quasar family
-
Quasar payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-