General
-
Target
54718ab7a93e2a2a00e355a58dfa1d4700ec08e925703bb72d7a25dd01973e9a
-
Size
2.2MB
-
Sample
241117-lc2yvswlav
-
MD5
ebbb525d514b2725487ea56391c67268
-
SHA1
2e4a7ca7d6029750336a59531fa92bb863200c8d
-
SHA256
54718ab7a93e2a2a00e355a58dfa1d4700ec08e925703bb72d7a25dd01973e9a
-
SHA512
b645c9b13ccd96f7fc02b5eccf6f11930baa28c174efb061c55742044e9d8079fc5d8d271b006f8c6369ac573dc7f4d222aa0d5c3e54f9ca78338f083ee546dd
-
SSDEEP
49152:Gll+JYqBe/XaZ9VMaAsRr1CwHLSJ1xGpocF8oWrwOcbRKF6Buu0:NJ1YXw11CwHLY1YOo4wBg
Malware Config
Extracted
quasar
1.4.1
Office04
162.230.48.189:4782
b739d9d4-46e7-4623-b745-58f79e3de3da
-
encryption_key
1101B928CCB2F89CEEC9E5352468A3EF026F77D5
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
54718ab7a93e2a2a00e355a58dfa1d4700ec08e925703bb72d7a25dd01973e9a
-
Size
2.2MB
-
MD5
ebbb525d514b2725487ea56391c67268
-
SHA1
2e4a7ca7d6029750336a59531fa92bb863200c8d
-
SHA256
54718ab7a93e2a2a00e355a58dfa1d4700ec08e925703bb72d7a25dd01973e9a
-
SHA512
b645c9b13ccd96f7fc02b5eccf6f11930baa28c174efb061c55742044e9d8079fc5d8d271b006f8c6369ac573dc7f4d222aa0d5c3e54f9ca78338f083ee546dd
-
SSDEEP
49152:Gll+JYqBe/XaZ9VMaAsRr1CwHLSJ1xGpocF8oWrwOcbRKF6Buu0:NJ1YXw11CwHLY1YOo4wBg
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Suspicious use of SetThreadContext
-