General

  • Target: 4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda
  • Size: 3.1MB
  • Sample: 241216-1fs8fs1kaw
  • MD5: 0e544c7dccc5ac91a382ba67577d7cd6
  • SHA1: 44b0868b7a9b0bf5c20ebeae736ddaeb2385fd92
  • SHA256: 4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda
  • SHA512: c8544b538f74cfe5b397e958859b6145630db440c6b3700bb3751aa29ed7ac88ab34b9e9896ef70d25275deed05a937b4112932b879db7e93fdd0e2a5929e309
  • SSDEEP: 49152:bv4uf2NUaNmwzPWlvdaKM7ZxTw678gbR4LoGdgaTHHB72eh2NT:bv3f2NUaNmwzPWlvdaB7ZxTw678n

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Stinky
  • C2:
      ef3243fsert34.ddns.net:47820
      anthonyngati.ddns.net:3872
  • Mutex: 60cba0a9-0a63-450c-9567-57ef0e3c2e24
  • Attributes:
      encryption_key: 7A23123B6E1E0CCDB27477C6C7654C7BE2FEDE54
      install_name: sru.exe
      log_directory: Logs
      reconnect_delay: 3000
      startup_key: xml
      subdirectory: sru

Targets

    • Target: 4c9fda48a95f89b5a9cd070e9fd77a4c60205e221b682eb6b8d80e7527cafeda
    • Quasar RAT: Quasar is an open source Remote Access Tool.
    • Quasar family
    • Quasar payload
    • Executes dropped EXE
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15