General
-
Target
47a0c991d1dba2805305515d93b174db.exe
-
Size
42.8MB
-
Sample
241209-pzl3pssmgn
-
MD5
47a0c991d1dba2805305515d93b174db
-
SHA1
dafffc1e5e242f125cee49200f4e094974a1ae71
-
SHA256
ff7b72753ea2b80b03ad5275cc0987114997cc6ca55d81698fc679f7d35551f0
-
SHA512
092c9cd414760f35d41f5c07bca3535edbb7048485d6bd87a35cf88c05e51fc30e12d6cec3ee86ce46e4abdc89354be1fda145ed7b04c85955204a302512ea84
-
SSDEEP
393216:L76L6otUitqtH7wHtXq2pt2jbOCacCFIK0fpP9HF4VW8yfInVQx4urYsANulL7NF:L0LoCOn+2Is4urYDNulLBiuh
Static task
static1
Behavioral task
behavioral1
Sample
47a0c991d1dba2805305515d93b174db.exe
Resource
win7-20240729-en
Malware Config
Extracted
quasar
1.4.1
Tools
81.17.96.75:63009
60b20d0a-a0cd-4b27-a870-970b6c27e2bc
-
encryption_key
94C6FF9C4A9CE8C5D400630879382E5892756A94
-
install_name
Tools.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Tools
-
subdirectory
SubDir
Targets
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-