General

  • Target

    854fc659414fc88605337694eb6b6f4f177389c9cbb69ca0b0e705f555ebbb09

  • Size

    3.1MB

  • Sample

    241216-n8sfeazlds

  • MD5

    051bfba0c640694d241f6b3621e241b6

  • SHA1

    a5269b7485203914af50cb932d952c10440878c9

  • SHA256

    854fc659414fc88605337694eb6b6f4f177389c9cbb69ca0b0e705f555ebbb09

  • SHA512

    bdfea5dfca423c4d66de1c9f435a1c0403b8615a0b7627fff665876fa2da48e8914cc2961ca9e66b7d32d2bc4004354e5e932297a479fcc90d495327d14577dc

  • SSDEEP

    49152:AvKgo2QSaNpzyPllgamb0CZof/JDj5RbR4jRoGdMOAuTHHB72eh2NT:Avjo2QSaNpzyPllgamYCZof/JDj5wFc

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

SGVP

C2

192.168.1.9:4782

150.129.206.176:4782

Ai-Sgvp-33452.portmap.host:33452

Mutex

2464c7bf-a165-4397-85fe-def5290750b0

Attributes
  • encryption_key

    09BBDA8FF0524296F02F8F81158F33C0AA74D487

  • install_name

    User Application Data.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windowns Client Startup

  • subdirectory

    Quasar
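The extracted configuration above is enough to hunt for this build on endpoints and in network telemetry. The following script is an added example, not part of the sandbox report or of Quasar itself: it turns the config into typed indicators and matches them against a handful of constructed, Sysmon-style JSON events (event IDs 1, 3, 11, 13 and 22 with the usual field names; the event shape and the sample lines are assumptions, not captured data). Two caveats a practitioner would want are built in: the `192.168.1.9` C2 entry is an RFC 1918 address, almost certainly left over from the operator's lab, so it is dropped rather than alerted on; and `Ai-Sgvp-33452.portmap.host` points at a public port-forwarding service, so the hostname, not whatever IP it resolves to today, is the durable indicator.

```python
"""Added example: build indicators from the extracted Quasar config and run them
over constructed Sysmon-style JSON events. Event layout and samples are assumed."""
import ipaddress
import json
import re

# Values copied verbatim from the Malware Config section above.
QUASAR_CONFIG = {
    "c2": ["192.168.1.9:4782", "150.129.206.176:4782",
           "Ai-Sgvp-33452.portmap.host:33452"],
    "mutex": "2464c7bf-a165-4397-85fe-def5290750b0",
    "install_name": "User Application Data.exe",
    "startup_key": "Windowns Client Startup",   # typo is the malware's own
    "subdirectory": "Quasar",
}


def build_indicators(cfg):
    """Typed indicators; private C2 addresses are dropped as lab artefacts."""
    ind = {"dest": set(), "domain": set(), "reg_value": set(), "mutex": set()}
    for entry in cfg["c2"]:
        host, port = entry.rsplit(":", 1)
        try:
            if ipaddress.ip_address(host).is_private:
                continue                       # 192.168.1.9: not worth an alert
            ind["dest"].add((host, int(port)))
        except ValueError:                     # hostname, not an IP literal
            ind["domain"].add(host.lower())
            ind["dest"].add((host.lower(), int(port)))
    # <anything>\Quasar\User Application Data.exe, case-insensitive
    ind["path_re"] = re.compile(r"\\" + re.escape(cfg["subdirectory"]) + r"\\"
                                + re.escape(cfg["install_name"]), re.I)
    ind["reg_value"].add(cfg["startup_key"].lower())
    ind["mutex"].add(cfg["mutex"].lower())     # for handle/memory hunting; Sysmon does not log it
    return ind


def match_event(ev, ind):
    """Return a list of reason strings for one decoded event."""
    hits = []
    eid = ev.get("EventID")
    if eid == 3:                                # network connection
        dst = (ev.get("DestinationIp", "").lower(), int(ev.get("DestinationPort", 0)))
        if dst in ind["dest"]:
            hits.append(f"c2_connect:{dst[0]}:{dst[1]}")
        host = ev.get("DestinationHostname", "").lower()
        if host and host in ind["domain"]:
            hits.append(f"c2_hostname:{host}")
    elif eid == 22:                             # DNS query
        q = ev.get("QueryName", "").lower()
        if q in ind["domain"]:
            hits.append(f"c2_dns:{q}")
    elif eid == 13:                             # registry value set
        tgt = ev.get("TargetObject", "")
        name = tgt.rsplit("\\", 1)[-1].lower()
        if "\\currentversion\\run\\" in tgt.lower() and name in ind["reg_value"]:
            hits.append("run_key:" + name)
        if ind["path_re"].search(ev.get("Details", "")):
            hits.append("run_key_points_at_install_path")
    elif eid in (1, 11):                        # process create / file create
        path = ev.get("Image") if eid == 1 else ev.get("TargetFilename")
        if path and ind["path_re"].search(path):
            hits.append("install_path")
    return hits


def scan(lines, ind):
    """(line number, reason) for every hit across JSON-lines input."""
    findings = []
    for n, line in enumerate(lines, 1):
        for h in match_event(json.loads(line), ind):
            findings.append((n, h))
    return findings


# Constructed sample events (assumed Sysmon field names); not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 3, "Image": "C:\\Users\\alice\\AppData\\Roaming\\Quasar\\User Application Data.exe", "DestinationIp": "150.129.206.176", "DestinationPort": 4782}
{"EventID": 3, "Image": "C:\\Users\\alice\\AppData\\Roaming\\Quasar\\User Application Data.exe", "DestinationIp": "192.168.1.9", "DestinationPort": 4782}
{"EventID": 22, "Image": "C:\\Users\\alice\\AppData\\Roaming\\Quasar\\User Application Data.exe", "QueryName": "Ai-Sgvp-33452.portmap.host"}
{"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Windowns Client Startup", "Details": "C:\\Users\\alice\\AppData\\Roaming\\Quasar\\User Application Data.exe"}
{"EventID": 11, "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Quasar\\User Application Data.exe"}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "142.250.74.46", "DestinationPort": 443}
""".strip().splitlines()

if __name__ == "__main__":
    for line_no, reason in scan(SAMPLE_EVENTS, build_indicators(QUASAR_CONFIG)):
        print(f"line {line_no}: {reason}")
```

The second sample line (the connection to 192.168.1.9) deliberately produces no finding; if that address ever shows up in real telemetry it is worth a look, but alerting on it would mostly page you for other people's lab traffic. The `install_name` and `startup_key` strings are chosen by the operator per build, so treat them as indicators for this sample rather than for Quasar in general.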

Targets

    • Quasar RAT

      Quasar is an open-source .NET Remote Access Tool (RAT).

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
