Overview

overview

10

Static

static

10

Wurst_Clie...23.rar

windows10-ltsc 2021-x64

10

Client/Wru...nu.exe

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Wurst_Client_password_123.rar

  • Size

    1.0MB

  • Sample

    241130-r4xq4s1ker

  • MD5

    18478c347c569b4c7ef8c8db9665f1d5

  • SHA1

    fd54e1e9664d6fbdb132c62ffd4a2ef6e89897b5

  • SHA256

    66692d291cd990717ce709ee6af67f38124c57fdb6fe6e89f20cfffff3dd16d6

  • SHA512

    f98aab92eba2bc79813b30e619f9aacaaa8d5408111210fcdc94c7f8b215c90c29e511b2527e351bb2ef1ac54bb62f3a8569000427799332438a9b079d8dfafe

  • SSDEEP

    24576:yoYOuWb9jrkYC3HuaxpzsZHH0h5NnwaGdy02:4Wb9TauY9sZ0Fl/

Score
10/10
quasaroffice04discoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

myhost20292.ddns.net:4782

Mutex

829ab10d-b669-4914-94aa-0b29020c6f1f

Attributes
  • encryption_key

    975A6378A0F938D8B354B0AF273B7F68F0241913

  • install_name

    Wurst Client ModMenu.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Java Updater

  • subdirectory

    SubDir

Targets

    • Target

      Wurst_Client_password_123.rar

    • Size

      1.0MB

    • MD5

      18478c347c569b4c7ef8c8db9665f1d5

    • SHA1

      fd54e1e9664d6fbdb132c62ffd4a2ef6e89897b5

    • SHA256

      66692d291cd990717ce709ee6af67f38124c57fdb6fe6e89f20cfffff3dd16d6

    • SHA512

      f98aab92eba2bc79813b30e619f9aacaaa8d5408111210fcdc94c7f8b215c90c29e511b2527e351bb2ef1ac54bb62f3a8569000427799332438a9b079d8dfafe

    • SSDEEP

      24576:yoYOuWb9jrkYC3HuaxpzsZHH0h5NnwaGdy02:4Wb9TauY9sZ0Fl/

    Score
    10/10
    quasaroffice04discoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1

    • Target

      Client/Wrust Client/Wrust Client ModMenu.exe

    • Size

      3.1MB

    • MD5

      b6067d4946e40672793484c4ad1054f4

    • SHA1

      b06fb12cade407b0270aca2d2e14e7d19b92b36c

    • SHA256

      8e7dd1315b0523342ad5ded4942d1e6e6be61f0a6fe6b13336de3c95a8074239

    • SHA512

      12d902b2bfc7810f50277ed0f4344834390a6a712643076baadf43ab9e9c0b07e36b791637e2e1779fe0782ec240bf2120853f5f995b0f91d5d75c8cddadc78d

    • SSDEEP

      49152:SviI22SsaNYfdPBldt698dBcjHR7xNESE3k/iQLoGdQTHHB72eh2NT:Svv22SsaNYfdPBldt6+dBcjH5xmu

    Score
    10/10
    quasaroffice04discoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral2

MITRE ATT&CK Enterprise v15

Tasks