General

Target: Burppack2-2024.rar
Size: 208.5MB
Sample: 241125-zt98fssqbn
MD5: bda2c053bf3b7002f438f24b2594d35f
SHA1: c471eab44a733f590b5d6293c44808fdc16ddc3d
SHA256: 844671babcc15471ab2f5e99a524be361fb8553b33275c1ceaf31e50c28a7541
SHA512: a6f44d01393606092f100fdd79b48d2d8d0ebfbeee7743b628d847a089f251a9a518838ced28708efea7a1716a717518019f37f1abff8c48d8155ab1a0e1c391
SSDEEP: 3145728:IxG6yzdl7QygIM2Q/2WWdh3HXXzue43Y3u4h+dtIHs3i2TGNBG10InhsazdqXnE:4G6yzA2Q/2DhHy5Ye90HsRHBTzdYE

Static task: static1
Malware Config

Extracted: quasar
Version: 1.3.0.0
Tag: systemsom (campaign label; the field name is inferred from where the Quasar extractor reports it, the value itself is as extracted)
C2: systemsom.ddns.net:4444
Mutex: QSR_MUTEX_yUyz7QlfeoeehMJRGY
encryption_key: mWoA6fgoQ3ThegdvvCAD (passphrase the client derives its C2 channel key from)
install_name: shost.exe (filename the client copies itself to on install)
log_directory: Logs (folder the keylogger writes to)
reconnect_delay: 3000 (milliseconds between C2 reconnect attempts)
startup_key: mcsftt (name of the Run key value or scheduled task used for persistence)
subdirectory: micsft (install folder name)
Targets

Target: burpsuite2.2.EXE
Size: 208.5MB
MD5: e65eadc039a63720027b5806936bb1f6
SHA1: 608d8d9ef45b0bf71257078ca8a68bcd5fe1ec49
SHA256: 99df601daf636cfc09df2eeceb7a9bcbb98c0798eac147f379cfcb2c2853d69c
SHA512: d113f24f4be83c71142df7a19c0c67da89a7e79286692621c8da03f30c0ec18ff2e4dd6957d5a8c7b3e05354cb26428a873fc04909ceb5800e5ef9021126bcd1
SSDEEP: 6291456:ZY6l+mOWCkh3PjGl8bJcA8HKWEuxp5HT:m6l+mO6tPKMJUqWEuxv

Quasar family
Quasar payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
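The following is an added example written for this page (not code from the sandbox or from the Quasar project). It turns the extracted config above into the host and network indicators a sensor would see and matches them against a handful of constructed Sysmon-style events that cover the persistence behaviours listed (Run key, scheduled task) and the C2 contact. It assumes Quasar installs to <base>\<subdirectory>\<install_name> with a base directory the report does not state (so only the path tail is matched), that the startup_key name is reused as the scheduled task name, and that the 18-character random mutex suffix seen in this sample is typical; the event records are made up for the demonstration and do not reproduce the sandbox run.

```python
"""Added example: derive IOCs from the Quasar config reported above and match
them against constructed Sysmon-style events. Not part of the sandbox report."""
import hashlib
import re

# Values copied from the extracted config on this page.
QUASAR_CONFIG = {
    "version": "1.3.0.0",
    "c2": "systemsom.ddns.net:4444",
    "mutex": "QSR_MUTEX_yUyz7QlfeoeehMJRGY",
    "install_name": "shost.exe",
    "startup_key": "mcsftt",
    "subdirectory": "micsft",
}

# Quasar mutexes are "QSR_MUTEX_" plus a random alphanumeric suffix; the
# 18-character length is taken from this sample (an assumption for other builds).
QUASAR_MUTEX_RE = re.compile(r"QSR_MUTEX_[A-Za-z0-9]{18}")


def derive_iocs(cfg):
    """Turn the config into the artifacts a host or network sensor would see."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        "run_value": cfg["startup_key"].lower(),
        # Install path is <base>\<subdirectory>\<install_name>; the base
        # directory is not in the extracted config, so match on the tail only.
        "path_suffix": "\\{}\\{}".format(cfg["subdirectory"], cfg["install_name"]).lower(),
    }


def is_quasar_mutex(name):
    """Generic Quasar check usable on a handle/mutex listing."""
    return QUASAR_MUTEX_RE.fullmatch(name) is not None


def match_event(ev, iocs):
    """Return the IOC names one Sysmon-like event dict hits (may be empty)."""
    hits = []
    eid = ev.get("EventID")
    image = ev.get("Image", "").lower()
    cmdline = ev.get("CommandLine", "").lower()
    if eid == 1 and image.endswith(iocs["path_suffix"]):
        hits.append("install_path")          # dropped client started from its install dir
    if eid == 1 and image.endswith("\\schtasks.exe") and iocs["run_value"] in cmdline:
        hits.append("schtask")               # T1053.005, task named after startup_key
    if eid == 13 and ev.get("TargetObject", "").lower().endswith("\\run\\" + iocs["run_value"]):
        hits.append("run_key")               # T1547.001, Run value named after startup_key
    if eid == 22 and ev.get("QueryName", "").lower() == iocs["c2_host"]:
        hits.append("c2_dns")                # DDNS name resolved before connecting
    if eid == 3 and ev.get("DestinationPort") == iocs["c2_port"] \
            and ev.get("DestinationHostname", "").lower() == iocs["c2_host"]:
        hits.append("c2_connect")
    return hits


def scan(events, iocs):
    """Map event index -> hits for every event that matched at least one IOC."""
    return {i: h for i, ev in enumerate(events) if (h := match_event(ev, iocs))}


def verify_sha256(data, expected_hex):
    """Confirm a local copy matches the hash in the report before analysing it."""
    return hashlib.sha256(data).hexdigest() == expected_hex.lower()


# Constructed events (not from the sandbox run), using Sysmon field names.
INSTALL = "C:\\Users\\victim\\AppData\\Roaming\\micsft\\shost.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": INSTALL, "CommandLine": '"' + INSTALL + '"'},
    {"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows"
                                    "\\CurrentVersion\\Run\\mcsftt", "Details": INSTALL},
    {"EventID": 22, "QueryName": "systemsom.ddns.net", "Image": INSTALL},
    {"EventID": 3, "DestinationHostname": "SYSTEMSOM.DDNS.NET", "DestinationPort": 4444,
     "DestinationIp": "203.0.113.5"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\schtasks.exe",
     "CommandLine": 'schtasks /create /tn "mcsftt" /sc ONLOGON /tr "' + INSTALL + '" /rl HIGHEST /f'},
    {"EventID": 1, "Image": "C:\\Windows\\explorer.exe", "CommandLine": "explorer.exe"},
    {"EventID": 3, "DestinationHostname": "example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS, derive_iocs(QUASAR_CONFIG)).items():
        print(i, SAMPLE_EVENTS[i]["EventID"], hits)
```

The hostname and path comparisons are lower-cased because Windows paths and DNS names are case-insensitive and sensors do not normalise them; a sensor that only reports the resolved IP will miss the C2 unless the DDNS name is resolved at query time, which is why the DNS event (ID 22) is matched separately from the connection event (ID 3).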
-
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001)
  Scheduled Task/Job: Scheduled Task (T1053.005)
Privilege Escalation
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001)
  Scheduled Task/Job: Scheduled Task (T1053.005)