General

  • Target

    latest.exe

  • Size

    3.1MB

  • Sample

    241207-xpdbtaylhy

  • MD5

    987547ab64e63245ed07964daef37f3b

  • SHA1

    ea23278cfefdd48b9da3dd07ebb94e1194817587

  • SHA256

    815ce2d6945fa3d5b5e7ea7d7c4b65d318255e700aa503ae70fa347217114b65

  • SHA512

    2648df67c0e6654327539d00ce27ff79fdf4e357072ad82c5624eb74c9d53bc90ee91017d27ed31d9577fb9e5439a2ea8e2f27e0a934afee58b98c9de56a4e25

  • SSDEEP

    49152:rvHG42pda6D+/PjlLOlg6yQipV8KRJ6ebR3LoGduTHHB72eh2NT:rvm42pda6D+/PjlLOlZyQipV8KRJ6Y

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

thecoolfile

C2

dfsgmnhsrf23456623423456-51636.portmap.host:51636

Mutex

372f3f9f-1eba-429d-9b98-7c94499b8dbf

Attributes
  • encryption_key

    B42CE86AEBA4D8818352F4D811EA7BBB472E229A

  • install_name

    windows defender.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    discord

  • subdirectory

    SubDir

Targets

    • Target

      latest.exe

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT) for Windows, written in C#; the client is built from a configurable, per-build encrypted settings block, which is what the extracted config above reflects.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE
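Turning the extracted config into something a responder can hunt with, as an added example (my code, not the sandbox's or Quasar's). The install_name and subdirectory give the on-disk path of the dropped copy, startup_key is the value name the client writes under a CurrentVersion\Run key (HKCU normally, HKLM if it runs elevated), the mutex is the per-build single-instance guard, and the C2 string is a host:port pair. Assumptions: the install folder is %APPDATA%, the builder's default, which the report does not state, so matching is done on the path suffix rather than a full path; the telemetry records are constructed Sysmon-like events, not output of this sandbox run. Note that the C2 is a portmap.host forwarding endpoint, so the hostname and port identify the operator's tunnel, not their real address, and that the hashes and mutex are specific to this build while the install name and Run value name are operator choices that may recur across builds.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Indicators derived from the extracted config.
type quasarIOCs struct {
	InstallSuffix string // \<subdirectory>\<install_name>, matched case-insensitively as a path suffix
	StartupValue  string // value name under a ...\CurrentVersion\Run key
	Mutex         string
	C2Host        string
	C2Port        string
}

func iocsFromConfig(subdir, installName, startupKey, mutex, c2 string) (quasarIOCs, error) {
	host, port, err := net.SplitHostPort(c2)
	if err != nil {
		return quasarIOCs{}, fmt.Errorf("bad C2 %q: %w", c2, err)
	}
	return quasarIOCs{
		InstallSuffix: `\` + subdir + `\` + installName,
		StartupValue:  startupKey,
		Mutex:         mutex,
		C2Host:        host,
		C2Port:        port,
	}, nil
}

// event is a minimal Sysmon-like record; fields not used by an event type stay empty.
type event struct {
	Type     string // process, registry, network, mutex
	Image    string
	RegKey   string
	RegValue string
	DestHost string
	DestPort string
	Mutex    string
}

// match returns a description of the hit when the event matches one of the indicators.
func (q quasarIOCs) match(e event) (string, bool) {
	switch e.Type {
	case "process":
		if strings.HasSuffix(strings.ToLower(e.Image), strings.ToLower(q.InstallSuffix)) {
			return "install path: " + e.Image, true
		}
	case "registry":
		// Either hive: the client uses HKCU, or HKLM when elevated.
		if strings.Contains(strings.ToLower(e.RegKey), `\currentversion\run`) && strings.EqualFold(e.RegValue, q.StartupValue) {
			return "startup_key Run value: " + e.RegKey + `\` + e.RegValue, true
		}
	case "network":
		if strings.EqualFold(e.DestHost, q.C2Host) && e.DestPort == q.C2Port {
			return "C2 connection: " + net.JoinHostPort(e.DestHost, e.DestPort), true
		}
	case "mutex":
		if strings.EqualFold(e.Mutex, q.Mutex) {
			return "mutex: " + e.Mutex, true
		}
	}
	return "", false
}

func hunt(q quasarIOCs, events []event) []string {
	var hits []string
	for _, e := range events {
		if desc, ok := q.match(e); ok {
			hits = append(hits, desc)
		}
	}
	return hits
}

// sampleEvents is constructed telemetry for the demo, not output of the sandbox run.
func sampleEvents() []event {
	return []event{
		{Type: "process", Image: `C:\Users\alice\AppData\Roaming\SubDir\windows defender.exe`},
		{Type: "process", Image: `C:\Program Files\Windows Defender\MsMpEng.exe`}, // real Defender, must not hit
		{Type: "registry", RegKey: `HKCU\Software\Microsoft\Windows\CurrentVersion\Run`, RegValue: "discord"},
		{Type: "registry", RegKey: `HKCU\Software\Microsoft\Windows\CurrentVersion\Run`, RegValue: "OneDrive"},
		{Type: "network", DestHost: "dfsgmnhsrf23456623423456-51636.portmap.host", DestPort: "51636"},
		{Type: "network", DestHost: "dfsgmnhsrf23456623423456-51636.portmap.host", DestPort: "443"},
		{Type: "mutex", Mutex: "372f3f9f-1eba-429d-9b98-7c94499b8dbf"},
	}
}

func main() {
	q, err := iocsFromConfig("SubDir", "windows defender.exe", "discord",
		"372f3f9f-1eba-429d-9b98-7c94499b8dbf", "dfsgmnhsrf23456623423456-51636.portmap.host:51636")
	if err != nil {
		panic(err)
	}
	for _, hit := range hunt(q, sampleEvents()) {
		fmt.Println("HIT", hit)
	}
}
```

The path check deliberately matches on the suffix \SubDir\windows defender.exe rather than on the file name alone: the name is chosen to look like Microsoft's own binary, and the real Defender engine under Program Files must not trigger, which is why a second process event for it is included in the constructed data.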

MITRE ATT&CK Enterprise v15

Tasks