Overview

overview

10

Static

static

10

AIRVPNNNNN...EE.exe

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AIRVPNNNNNNNNNNNNNNNNNOSIRVEEEEEE.exe

  • Size

    3.1MB

  • Sample

    241113-ge6bvawlex

  • MD5

    434bebcd54481549163ce6c29eefb0ed

  • SHA1

    f0a643b353cd1d5c16ededbec902ab4e8462a5cc

  • SHA256

    9f3064a561f1c6554ca816569553ccf751a9a22360184a53c9b32db66017dbca

  • SHA512

    3dcc0ae35b3d210e04042a70b933c00ad9fcf41eee9938e1239fc93a12f16cb1641ce2ac454e9893239d1f45c6065c21e3400a544db6c4e873a9cde5e3cde403

  • SSDEEP

    49152:bvyI22SsaNYfdPBldt698dBcjHt5vE1JV/oGdcTHHB72eh2NT:bvf22SsaNYfdPBldt6+dBcjHt5vS

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

204.8.98.75:4782

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes
  • encryption_key

    AEA258EF65BF1786F0F767C0BE2497ECC304C46F

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      AIRVPNNNNNNNNNNNNNNNNNOSIRVEEEEEE.exe

    • Size

      3.1MB

    • MD5

      434bebcd54481549163ce6c29eefb0ed

    • SHA1

      f0a643b353cd1d5c16ededbec902ab4e8462a5cc

    • SHA256

      9f3064a561f1c6554ca816569553ccf751a9a22360184a53c9b32db66017dbca

    • SHA512

      3dcc0ae35b3d210e04042a70b933c00ad9fcf41eee9938e1239fc93a12f16cb1641ce2ac454e9893239d1f45c6065c21e3400a544db6c4e873a9cde5e3cde403

    • SSDEEP

      49152:bvyI22SsaNYfdPBldt698dBcjHt5vE1JV/oGdcTHHB72eh2NT:bvf22SsaNYfdPBldt6+dBcjHt5vS

    Score
    10/10
    quasaroffice04spywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks