General
-
Target
ddef8abb1f0a772d1b6f3e6931dd2e3d_JaffaCakes118
-
Size
2.9MB
-
Sample
241210-knx9da1ngz
-
MD5
ddef8abb1f0a772d1b6f3e6931dd2e3d
-
SHA1
227e55ff077f997f601459ca78a49cc15b970dd4
-
SHA256
73bf5bec1f9a1a089ed27964a354858e5661822882883394ed2d1a9ed241b348
-
SHA512
9f6a2354dc209f284a8ab98126a1a8c8a8d4142be0992648f94222924a2b7504230167f5849538559cfb961513e81bbd7b91288f6bdef53bb4f03edfe8971080
-
SSDEEP
49152:s1Wpz744WsmBtUQDY8rwSWss9Dq/PyZy8rA3mcxrLZhG3GRcwXQ8d1s:OWC4WzBtRY8r1Welm+LZhVG
Static task
static1
Behavioral task
behavioral1
Sample
ddef8abb1f0a772d1b6f3e6931dd2e3d_JaffaCakes118.dll
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
ddef8abb1f0a772d1b6f3e6931dd2e3d_JaffaCakes118.dll
Resource
win10v2004-20241007-en
Malware Config
Extracted
quasar
1.4.0
WindowsDefender
timeserver-ts1.redirectme.net:4545
38846eaf-4c33-4e2e-b206-1f55763a931c
-
encryption_key
4831379DBBBCBA15F0105372CB435E62F03DFA1E
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
ddef8abb1f0a772d1b6f3e6931dd2e3d_JaffaCakes118
-
Score
10/10
-
Quasar family
-
Quasar payload
-
Blocklisted process makes network request
-