General

  • Target

    System.exe

  • Size

    3.1MB

  • Sample

    241213-lzg7zavkdx

  • MD5

    e80f9a2d968a10ce2bbd655666befe8c

  • SHA1

    d56125da872bda98b592df56baf7fbfdeff94b6d

  • SHA256

    95f172a69bb9e7310bf636d76e310ec9603601e488473f2bdfe3c0e7dd2b9667

  • SHA512

    9bd6e745142143509f64c0239c9e535985c53d5e28ce4fb328f1e4b354c52f081c0545fe80549754a54857338e9b32ac2dfcab5379bca70f05907a55ae10d04c

  • SSDEEP

    49152:Bvuuf2NUaNmwzPWlvdaKM7ZxTwKKoZ2jmZv9oGuDFTHHB72eh2NT:BvJf2NUaNmwzPWlvdaB7ZxTwJoZ2I

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

botnet

C2

165.227.31.192:22069

193.161.193.99:64425

193.161.193.99:60470

Mutex

713051d4-4ad4-4ad0-b2ed-4ddd8fe2349d

Attributes

  • encryption_key

    684009117DF150EF232A2EE8AE172085964C1CF0

  • install_name

    System.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Office

  • subdirectory

    Winrar

Targets

    • Target

      System.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE
