General

  • Target

    el liam bailando xd.mp4

  • Size

    3.1MB

  • Sample

    241122-aqhxcswqcn

  • MD5

    923b5eff3b0b3c29308cb73a568ebddf

  • SHA1

    4cc065f11403aee930f0d2e4ff996454c607dc27

  • SHA256

    4eb15cc2049a0945258b21fab368829cf9d921d9540127b954f0d0ba6034f335

  • SHA512

    3b4d63b963b0bc2f15527db0bcff9268dba6bc5efb6842eec391b040aeca5a1dbe1bbac840930070855913542c999778e65e5b3a6171f992deec2a83945248ea

  • SSDEEP

    98304:6aps3ZS26/GvzUYWcOn5xh24cf10YLjnM8Oz4Y:6ucZS281jcOv4HL7Oz3

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

10.127.1.137:4782

Mutex

QSR_MUTEX_hbxMQFPRGA78sZ0gkM

Attributes
  • encryption_key

    I6Y1GM1uLHisr8VCR7Cf

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      el liam bailando xd.mp4

    • Size

      3.1MB

    • MD5

      923b5eff3b0b3c29308cb73a568ebddf

    • SHA1

      4cc065f11403aee930f0d2e4ff996454c607dc27

    • SHA256

      4eb15cc2049a0945258b21fab368829cf9d921d9540127b954f0d0ba6034f335

    • SHA512

      3b4d63b963b0bc2f15527db0bcff9268dba6bc5efb6842eec391b040aeca5a1dbe1bbac840930070855913542c999778e65e5b3a6171f992deec2a83945248ea

    • SSDEEP

      98304:6aps3ZS26/GvzUYWcOn5xh24cf10YLjnM8Oz4Y:6ucZS281jcOv4HL7Oz3

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks