Overview

overview

10

Static

static

3

KRcLFIz5PCQunB7.exe

windows7-x64

3

KRcLFIz5PCQunB7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce17ceabb0271fc086f17eeda13a42934aeb9122bf89dcdc50ee9490f515c0e5

  • Size

    3.5MB

  • Sample

    241120-tcc9hatmdk

  • MD5

    0df7d636d30629979f6c34d0f8862517

  • SHA1

    46b2b765e9f02573d77b1e28cfe7237d0b5df09b

  • SHA256

    ce17ceabb0271fc086f17eeda13a42934aeb9122bf89dcdc50ee9490f515c0e5

  • SHA512

    0006df0e260bd586fa2711dfc136f96c7de9cb82c207ff3bdb75f3326c7b96256e2cbfcd60a0cbacf9f160d4e2ace3ecdca6795c0d0d209d1cf7510de6b9fb6d

  • SSDEEP

    98304:ukl02gYcEWLSk4wHnY/q8nPDaYNS/mrCjRG+u+6cOZdX:vl3pcE8HY/quPDaYQBs+ujV/X

Score
10/10
quasarflodiscoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

FLO

C2

qtd.ydns.eu:5829

Mutex

ac3de377-7a66-4586-b523-567adbbba988

Attributes
  • encryption_key

    C5B555A83D127A9553D4FB1FCECB35CE8E91A447

  • install_name

    outlooks.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Outlooks

  • subdirectory

    WindowsUpdates

Targets

    • Target

      KRcLFIz5PCQunB7.exe

    • Size

      3.5MB

    • MD5

      a08b35662044abf9528c24c3f663eaed

    • SHA1

      aee7831f263e6b83198a790d8a8948a841a600e2

    • SHA256

      3f233256d32f8c33884510be0e50b614a35642f6ed7cb76b1f480373b548b295

    • SHA512

      0866868cbf52999b233546348cde08c3cfcf2deef86830a319d8430e6d815a02b8438f46c944fbd9f2010d7e9fcb6f4f77db490280894b899de0afc71278b5dd

    • SSDEEP

      49152:Uf+eHq329+bhPCNJZxh2H4s0E04nfxhFZ9kIODfdWutT825SkDh83TQ237w4fGi:U+MrJZqYsTfnFZ9ktfgtSSTQ23s4p

    Score
    10/10
    discoveryquasarflospywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks