Overview

overview

10

Static

static

10

the newwor...at.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    the newworking rat.exe

  • Size

    3.1MB

  • Sample

    241207-t7653awrgz

  • MD5

    00c08053c9ec8b1575cc1dc37454ef36

  • SHA1

    a41c5e4a0a07eaf751068543c0892451b06a17a1

  • SHA256

    b1949d403caba3fc8addc1779b003b18fd9744f075dc9002213aa4104cdbbac1

  • SHA512

    eaeefc1bdf1c4a1c98e0befced54a6dc83a1598f9d409bae6c0876447c832171e418a16b0be210d7223ee256a4f85946fdf4c4ddc7b3d6981c5ea23ef9d8998b

  • SSDEEP

    98304:Pvm42pda6D+/PjlLOlZyQipVJ9RJ6I5a:nyOpTV5a

Score
10/10
quasarthecoolfilespywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

thecoolfile

C2

dfsgmnhsrf23456623423456-51636.portmap.host:51636

Mutex

ba019940-beb5-4159-a5b2-ce0bc35ac066

Attributes
  • encryption_key

    B42CE86AEBA4D8818352F4D811EA7BBB472E229A

  • install_name

    windows defender.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    discord

  • subdirectory

    SubDir

Targets

    • Target

      the newworking rat.exe

    • Size

      3.1MB

    • MD5

      00c08053c9ec8b1575cc1dc37454ef36

    • SHA1

      a41c5e4a0a07eaf751068543c0892451b06a17a1

    • SHA256

      b1949d403caba3fc8addc1779b003b18fd9744f075dc9002213aa4104cdbbac1

    • SHA512

      eaeefc1bdf1c4a1c98e0befced54a6dc83a1598f9d409bae6c0876447c832171e418a16b0be210d7223ee256a4f85946fdf4c4ddc7b3d6981c5ea23ef9d8998b

    • SSDEEP

      98304:Pvm42pda6D+/PjlLOlZyQipVJ9RJ6I5a:nyOpTV5a

    Score
    10/10
    quasarthecoolfilespywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks