General

  • Target

    testv12.exe

  • Size

    3.1MB

  • Sample

    241216-1yf1vaslfj

  • MD5

    8f131c77156b85ca15444aabe87333ef

  • SHA1

    5402d8163423097e863bea234d211f5b13258a4b

  • SHA256

    84386ba4be46d6a071c25da1ec4f339817aeaad478a6ca9453e1935205571f20

  • SHA512

    95f05308d912a25b42a73e09c061ee88cedadb5080653ae8ae794f4de6e581c099f49dbc7943f54be838b72ac7649ff573f63e7326c0a8688e7508b62deb90b0

  • SSDEEP

    49152:Xv3lL26AaNeWgPhlmVqvMQ7XSKC1mKmzOUoGdcQTHHB72eh2NT:Xv1L26AaNeWgPhlmVqkQ7XSKC1mp

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

4.tcp.eu.ngrok.io:16602

4.tcp.eu.ngrok.io:7724

Mutex

af6a836a-9106-4785-8dce-1ced637f2ecd

Attributes
  • encryption_key

    50B793FC4C8129DCCC330E337AEC3777884F3B64

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      testv12.exe

    • Size

      3.1MB

    • MD5

      8f131c77156b85ca15444aabe87333ef

    • SHA1

      5402d8163423097e863bea234d211f5b13258a4b

    • SHA256

      84386ba4be46d6a071c25da1ec4f339817aeaad478a6ca9453e1935205571f20

    • SHA512

      95f05308d912a25b42a73e09c061ee88cedadb5080653ae8ae794f4de6e581c099f49dbc7943f54be838b72ac7649ff573f63e7326c0a8688e7508b62deb90b0

    • SSDEEP

      49152:Xv3lL26AaNeWgPhlmVqvMQ7XSKC1mKmzOUoGdcQTHHB72eh2NT:Xv1L26AaNeWgPhlmVqkQ7XSKC1mp

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks