General

  • Target: virus.exe
  • Size: 3.1MB
  • Sample: 241207-rg6qhavkav
  • MD5: 73b5cbd365dd4c4f8d79f90ad2f39a04
  • SHA1: c4b793be677c7d741483b50165424197582f62a5
  • SHA256: 4bddfdcba09c9f9e59fda803daa9ec70f752eb0184845c998858fda6ae6db7fc
  • SHA512: 41182462081f190f94c71fc1c1cf94e6737b39c05d21c1c5ceb933ec851cae8c756ee2823f6858b2a141e54913f86ad7a07a0d622d302331cd5f087a32759bdf
  • SSDEEP: 49152:KvelL26AaNeWgPhlmVqvMQ7XSK2C5F1vSLo4dUGTHHB72eh2NT:KvOL26AaNeWgPhlmVqkQ7XSK2C5c

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: roar
  • C2: fojeweb571-59953.portmap.host:59953
  • Mutex: be18500e-48e3-4692-8887-f0261df08045

Attributes

  • encryption_key: B42CE86AEBA4D8818352F4D811EA7BBB472E229A
  • install_name: windows defender.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: discord
  • subdirectory: SubDir

Targets

    • Quasar RAT: Quasar is an open source Remote Access Tool.
    • Quasar family
    • Quasar payload
    • Executes dropped EXE
