Overview

overview

10

Static

static

10

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    241216-hhg9vszngr

  • MD5

    8cadd9d05b28bdf0f3caeed0ce516d9c

  • SHA1

    b6b04039117acc2ffaef424eeaf6d99b4086487f

  • SHA256

    7fc8b932158ef8ced6bebf0c254f96cd6cd4cd1a0fd3a90e54652768c477aaf7

  • SHA512

    2e1c01240ac20ac2a374926893fa4796d4f4daa8f479c1c55ad62791ca0cb32cc8baf192d849abefc9c1a88d69045f4aeb563105d5d54fcac049b3b8f2ba7fee

  • SSDEEP

    49152:zvghBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaj3QaEfeak/l4XoGdPTHHB72eh2NT:zvSt2d5aKCuVPzlEmVQ0wvwfj3QSY

Score
10/10
quasarmanagerspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Manager

C2

serveo.net:11453

Mutex

a851cc5b-e50f-4270-9929-06c6323cdb3d

Attributes
  • encryption_key

    5A3C537E5FB2739D5B2468FC37915D58EF4AC5EA

  • install_name

    Runtime broker.exe

  • log_directory

    Microsoftsessential

  • reconnect_delay

    3000

  • startup_key

    Runtime broker

  • subdirectory

    Microsoft_Essentials

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      8cadd9d05b28bdf0f3caeed0ce516d9c

    • SHA1

      b6b04039117acc2ffaef424eeaf6d99b4086487f

    • SHA256

      7fc8b932158ef8ced6bebf0c254f96cd6cd4cd1a0fd3a90e54652768c477aaf7

    • SHA512

      2e1c01240ac20ac2a374926893fa4796d4f4daa8f479c1c55ad62791ca0cb32cc8baf192d849abefc9c1a88d69045f4aeb563105d5d54fcac049b3b8f2ba7fee

    • SSDEEP

      49152:zvghBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaj3QaEfeak/l4XoGdPTHHB72eh2NT:zvSt2d5aKCuVPzlEmVQ0wvwfj3QSY

    Score
    10/10
    quasarmanagerspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks