Overview

overview

10

Static

static

10

FREEROBUX.exe

windows7-x64

10

FREEROBUX.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FREEROBUX.exe

  • Size

    3.1MB

  • Sample

    241128-q363qavnbn

  • MD5

    3596db7936f5d66cecbe028d13a91bfc

  • SHA1

    fba98fb2e56e9d729c94a982c6f48eb5aba8930a

  • SHA256

    56e476ecef007b432c2e388802c7541762dae164ceea1b5342b59b4857d2dfac

  • SHA512

    e74596a17e9e9db088292e67e06800098d52b1da6d0870d1239144005632aaebb3b25e7b43d02c481f536b0bdd2a0483fffc5bd55e396c9241c3a7f161340e76

  • SSDEEP

    49152:7v+lL26AaNeWgPhlmVqvMQ7XSKhnn4gLoGd3lTHHB72eh2NT:7vuL26AaNeWgPhlmVqkQ7XSKhnnx

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.230:4782

192.168.1.233:4782
Mutex

e4595bcd-22f9-4826-8d7f-d752e4ca2275

Attributes
  • encryption_key

    9209FE335E49520665B871E3C932A5C8D6821048

  • install_name

    Setup.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      FREEROBUX.exe

    • Size

      3.1MB

    • MD5

      3596db7936f5d66cecbe028d13a91bfc

    • SHA1

      fba98fb2e56e9d729c94a982c6f48eb5aba8930a

    • SHA256

      56e476ecef007b432c2e388802c7541762dae164ceea1b5342b59b4857d2dfac

    • SHA512

      e74596a17e9e9db088292e67e06800098d52b1da6d0870d1239144005632aaebb3b25e7b43d02c481f536b0bdd2a0483fffc5bd55e396c9241c3a7f161340e76

    • SSDEEP

      49152:7v+lL26AaNeWgPhlmVqvMQ7XSKhnn4gLoGd3lTHHB72eh2NT:7vuL26AaNeWgPhlmVqkQ7XSKhnnx

    Score
    10/10
    quasaroffice04spywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks