General

  • Target

    xTSRv1.1.0.6.exe

  • Size

    344KB

  • Sample

    241121-3dtgjszpcw

  • MD5

    58862052bc9830249a3481c1f598bfa6

  • SHA1

    a1606388aae362146a32faf45815cb7aa2e0a3ec

  • SHA256

    bacfd4551eb96cd6a853ee55f7e1839fdffedf1309d00932f603d214bc4798fb

  • SHA512

    f5bb7b412ddb826d262b784d9538c2ea30d217e1d23691176c53735021ada2fec13f2559ecfa6096ae4860e004211897dc0c69b9b04a5451d2e3feb6bec80215

  • SSDEEP

    6144:u4HFNUocJ7fDktpXaWgvkoXZL8GaY4900NuiF1D48q3O:/FNUzJ7fOpXa7PXZI4r0tq3

Targets

    • Target

      xTSRv1.1.0.6.exe

    • Quasar RAT

      Quasar is an open-source Remote Access Tool.

    • Quasar family

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
