General

  • Target

    iis_Stupid_Menu.dll

  • Size

    843KB

  • Sample

    241204-ycbswstjfm

  • MD5

    e36f1425887cc291fc976040ca4527c4

  • SHA1

    123b9d1641539072c1ec3b71eb11aeee792447dc

  • SHA256

    be197dd6a8bdd291378a2f60bd0ec33d4deda2899129310017c38b05f1070efb

  • SHA512

    ebf9c6a182256ce4cdff1c6b1557c9747d2b7565962f88f021e839cc173fc8977fdedfef3189494faaf855f0cc8d1d4d7e8c89ad19af8b6f3d211d37c477b804

  • SSDEEP

    12288:/1xj6/IBi+7tRmKnGj/olHFn4i4KF8EbV7Me:HjvUstRn2/olHFb7F8SV7Me

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.48:4782

Mutex

33376e96-8fb8-4154-bd0a-fd0f58f69afe

Attributes

  • encryption_key

    9DE7C466D5C89B4DCD53772026AFA9FDFA35108F

  • install_name

    phantomX injector.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      iis_Stupid_Menu.dll

    • Quasar RAT

      Quasar is an open-source remote access tool (RAT) for Windows, written in C#.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15