Overview

overview

10

Static

static

1

Client-built.exe.bat

windows10-ltsc 2021-x64

10

Client-built.exe.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.exe.bat

  • Size

    4.2MB

  • Sample

    241125-3dh1tasjbt

  • MD5

    8eecabd958ac81525f071d8f8f9c5b4f

  • SHA1

    293f0625c5eafc5193d582244603d5981c5c6ef5

  • SHA256

    8c0ed0a2488582fa19983c458e298b76bad3f81402da794f55d4b5adbf101db3

  • SHA512

    3ecc3d4a22fd945777eea8ca732c3009ca65bc0e44ea388e0602db500da2f20ef2d465ef107a79595ea3f5c89eccbf634fcbb7fb46197a8513a6317450b80704

  • SSDEEP

    49152:B78bwAn48Himx5yYfP0z1TjhIkgbN+7fSnndvcW:a

Score
10/10
quasarfrexecutionspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

fr

C2

kdotisbetterfr.airdns.org:61875

Mutex

de3f242e-9b27-4bcc-b108-2b89973fa679

Attributes
  • encryption_key

    A9E1D2CBD6699561DDC6C38CE5B7E79D283DC83E

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe.bat

    • Size

      4.2MB

    • MD5

      8eecabd958ac81525f071d8f8f9c5b4f

    • SHA1

      293f0625c5eafc5193d582244603d5981c5c6ef5

    • SHA256

      8c0ed0a2488582fa19983c458e298b76bad3f81402da794f55d4b5adbf101db3

    • SHA512

      3ecc3d4a22fd945777eea8ca732c3009ca65bc0e44ea388e0602db500da2f20ef2d465ef107a79595ea3f5c89eccbf634fcbb7fb46197a8513a6317450b80704

    • SSDEEP

      49152:B78bwAn48Himx5yYfP0z1TjhIkgbN+7fSnndvcW:a

    Score
    10/10
    quasarfrexecutionspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks