General

  • Target

    2.rar

  • Size

    72KB

  • Sample

    241212-lj1z5sskdm

  • MD5

    18edfb5f1e4c1e30b8e1f555bb1a033e

  • SHA1

    d6901e6c43cb15f287d564438208036839860cd2

  • SHA256

    ff1208db06c1a0514442ebf5bd2b328f087ef8327d4bea9da55399850d23da7e

  • SHA512

    d57a84ba62a31fb8221fcbd70b1272ba24e0f1042c7957fd0d64d46efcea3550849f06e2e4d75e49b88975f8410c3995ad101d067dcac486eda08c29f0355adc

  • SSDEEP

    1536:xRhxo0FYmex2Phn58CiUBJwPdtzdpFKDr+7me/P/2+olEPnf3ort:nDFQI8qnwPXz4uaYP/4lEPwrt

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    onye

  • C2

    winera.ydns.eu:6298

  • Mutex

    4d79333b-1758-4ff2-8d36-e4612bbfd878

Attributes

  • encryption_key

    799E5C34BA6EC18D72E269D0C5CF1A5AC1AD9277

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    settings

  • subdirectory

    SubDir

Targets

    • Target

      Purchase Order-9765456-export23....exe

    • Size

      174KB

    • MD5

      90b63162f613ec7e392c15dbcc844750

    • SHA1

      64acb9112424b2937dd3724d4460d64b5b418dbd

    • SHA256

      4c5ae8b60005526d81508706a1dfc6e491a3d51bc2b0dbe2d26d2b53a25cfe50

    • SHA512

      7f3057d6496895317acfadc40c620438709087f1dd61fc88ae210cb27ea036192e591287c295457c10080a380319ff98aee790264d5864668fc7f7d248e1d70b

    • SSDEEP

      3072:c7DOEKsy8Jg6IlXjK1p8rlHfbbxfwIphhup6gma8f5tUzpTnZO+hOeH:H8JfcjW8rlHjb9/pXu8nOnE+N

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks