General

  • Target

    poo virus grr.rar

  • Size

    1.0MB

  • Sample

    241215-dj1elstpdl

  • MD5

    188f727e3be9e5d89c86d843441386f8

  • SHA1

    d84ecac02426ab30a66de06c7ec72e52a0eaad6d

  • SHA256

    8b507e7ba319bcbf1a13540ec20ad4f31d667a6a1cc99e091fc2f74066123c78

  • SHA512

    332358be50280c6005b95fc5fc288ab767abb0162c6f0ddd19fab8e4c5dd22f46ea2f724cac63baaf53086b7d095d04527d55a10796275fc9ecedd0f117c1718

  • SSDEEP

    24576:2zGoqxxbY9XIPD7Ltr4ol2iu0kiOiIBIvWCcxdxq:2wxxiXIHLyolt/7DIGvsxd0

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

181.99.66.83:4782

Mutex

7b23506c-ff83-4362-93b4-b99c14429834

Attributes
  • encryption_key

    7A8E2417AD5EAA788488BDF81FE6CACB01258933

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      poo virus grr.rar

    • Size

      1.0MB

    • MD5

      188f727e3be9e5d89c86d843441386f8

    • SHA1

      d84ecac02426ab30a66de06c7ec72e52a0eaad6d

    • SHA256

      8b507e7ba319bcbf1a13540ec20ad4f31d667a6a1cc99e091fc2f74066123c78

    • SHA512

      332358be50280c6005b95fc5fc288ab767abb0162c6f0ddd19fab8e4c5dd22f46ea2f724cac63baaf53086b7d095d04527d55a10796275fc9ecedd0f117c1718

    • SSDEEP

      24576:2zGoqxxbY9XIPD7Ltr4ol2iu0kiOiIBIvWCcxdxq:2wxxiXIHLyolt/7DIGvsxd0

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Target

      poo virus grr/activate virus [logs ur device].exe

    • Size

      3.1MB

    • MD5

      7f604852d7713ce48e754d05cfdb9c2e

    • SHA1

      8caa2ea8644f0014d8949edf576b008de2fcde75

    • SHA256

      db706cddf84bb9d83cda2cc00e6832e26daa6592eef27fc37d39eccdc683e5d4

    • SHA512

      a36e50b1426e990c1130a309bf453657561b646b3160c1e3a3f4d46b02bf24706982f635be627521a909a61b8fa57f0fbcc108cb1c340a37f86725bc38454ef7

    • SSDEEP

      49152:DvyI22SsaNYfdPBldt698dBcjHDXUue8LzCoGhtTHHB72eh2NT:Dvf22SsaNYfdPBldt6+dBcjHDXUu0

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks