General
Target: SolaraBootstrapper.exe
Size: 3.1MB
Sample: 241208-x84ywaxpgm
MD5: 777ed5284b4e0d4305e912b99f618141
SHA1: 87453944e39401ceec173a996f88a38af7d70eab
SHA256: af28db66812bd93b8680039d629844fa8821c0f205285051a50ed4a3bcc7623d
SHA512: d5d7e0c0174714b70c642ba4122f2b8f5b6b77fa5b3e291364688c02ddfc3c5c9a3fedd011985779d93a15d7ac018259d33aa1e011e5edca1bd29bf5961727ad
SSDEEP: 49152:bvvlL26AaNeWgPhlmVqvMQ7XSKA+RJ6obR3LoGdWTHHB72eh2NT:bv9L26AaNeWgPhlmVqkQ7XSKA+RJ6C

Behavioral task
behavioral1
Sample: SolaraBootstrapper.exe
Resource: win7-20241010-en

Malware Config
Extracted: quasar
Version: 1.4.1
nigger
C2: r1ght-46976.portmap.host:46976
f9a96516-997d-4ba6-a575-b223308bc6c2
encryption_key: 2FDC75D59897C5B7FB6BF58E34770B96CFDB9669
install_name: SolaraBootstrapper.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Microsoft Windows Defender
subdirectory: SubDir
Targets
Target: SolaraBootstrapper.exe
Size: 3.1MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Quasar family
Quasar payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE