Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
29-11-2024 20:06
General
-
Target
d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143acebN.exe
-
Size
5.6MB
-
MD5
c549fe02bb65c0c2977c741c7ed4fd80
-
SHA1
8475e459ba2fe572c53b08c061a5b24e074832a1
-
SHA256
d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143aceb
-
SHA512
b51e81d073dc1bbdeea1f0dcf66901f2996faa5f30657e354c0c9271ad0f58ce0cc20744f8287afd81904d10148032038f2bad33e45d49685f7dce73e0a52b3a
-
SSDEEP
98304:fC0lmUrXmOH9wShg7JrBAwbzWMaA/BcV6LoFU4:flmUjY/rHKAL4U4
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
NEURO
C2
51.15.17.193:4782
Mutex
1f6c9ecc-c030-43a4-bbf2-21326400cbb5
Attributes
-
encryption_key
97599F6E5D14A784CC4DD36B18A277119042FDA8
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143acebN.exe"C:\Users\Admin\AppData\Local\Temp\d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143acebN.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
3.1MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
9.9MB