General
-
Target
42f1ecb6f9e2f73bb66e84e5f8ca4fb4.bin
-
Size
122KB
-
Sample
241202-bpwmha1rgw
-
MD5
ef1f247a8ada6b819671c41903375d55
-
SHA1
ebe0c341a8b013537f2988623639b7f489a8c4ef
-
SHA256
4aa1ef6600a523f37a28a4d472080741093f629b037ba189bc79a1b6f8ab6a4c
-
SHA512
310a10a06e70c63ec463110d3723952e090abce5130cc3e30ab20ba0f90d28515075c061e8d6a1c4b15b9df96e6d4323133a531882ed03fbffce3c9f954895be
-
SSDEEP
3072:V4+zsLRFJAy1Za+N3xwVqnK8FLDn8+bESD6RYUtBZTB/jHEM3:JY1puN8VZbZD65vThb3
Malware Config
Extracted
quasar
1.4.0.0
Office
45.136.51.217:5173
fJtDNXkZg2XmnSxFi9
-
encryption_key
7Ds8HmxRNTT7TqM6R6Sm
-
install_name
csrss.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
NET framework
-
subdirectory
SubDir
Targets
-
-
Target
2a700406a42a06541dfee93faa1079b51c7a899e3cffcbc31390473852d7e5cc.exe
-
Size
288KB
-
MD5
42f1ecb6f9e2f73bb66e84e5f8ca4fb4
-
SHA1
51aa8b14ec657171aab0dd13fb87c8e915073d08
-
SHA256
2a700406a42a06541dfee93faa1079b51c7a899e3cffcbc31390473852d7e5cc
-
SHA512
207162c793e58d702f9474cdfbc4738eaec2e23ad66636a706ad7f8de4f82ae136dc884d5c6f9acb35f3370c8402bd9e3d5572063def33d469b2398e0ac4c398
-
SSDEEP
6144:l7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbkFn:9lJtTF9zVGkllbkZ
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-