General

  • Target

    UPDATE!.rar

  • Size

    1.0MB

  • Sample

    241125-q61ecazlbv

  • MD5

    94043ed2f62579318a9c518977b56d2a

  • SHA1

    5c9372aad250206c81b970fef5671b11d06deaed

  • SHA256

    6e8ea3c47a8e46719c4242a3fb2f5bfa83d9e561f60d56309e98031b94392305

  • SHA512

    fe1e7804da153c5818acb8a0534e9a13492a28b0d2469c9e864546f62004fe4910c5a44c96a3aa2568ffac8c1bdb260ebdf37ab4a5730a06bc7578a3f9519cff

  • SSDEEP

    24576:DwqtbiQ1vFXidJ96G2rnoM8U3mDo+1tadAyyDZnJtH:DwqhjsPDRU3qogtEAyyDZ3H

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Free Cheetos

  • C2

    192.168.50.61:4782

  • Mutex

    b9f33b8e-e35e-4e4c-aff8-7b28dddec418

Attributes

  • encryption_key

    6F5247E9D7D00C08CE63C6211A524818EA6DDA24

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      i - Copy (3).exe

    • Size

      3.1MB

    • MD5

      4ba9f63ed84485401f6c5557955fe62a

    • SHA1

      04e7833e655d9a3a5f8aa3052f3567fb4b28edc4

    • SHA256

      8079e8c75a7520eea86a78e35f77ce90be938f59a9718758719a4512ba28999e

    • SHA512

      d9626c179a380e24c93ed73ac82cedad9d0ed13ae16d549f55aebd35e3217bd54c46920fab851aad9f5e4f35b707297347af258286ff0a427d2744ea08cd5ded

    • SSDEEP

      49152:3vyI22SsaNYfdPBldt698dBcjHVv6oBuarYLoGdxTHHB72eh2NT:3vf22SsaNYfdPBldt6+dBcjHR6oBu

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15