General

  • Target

    Долговая нагрузка.exe

  • Size

    3.7MB

  • Sample

    241216-qegsxsskam

  • MD5

    a6be8a62c7f7d595db6ac9dc6e93da02

  • SHA1

    5f2e5d543b91a01055ab1263611c9df49e2a5e45

  • SHA256

    4fa2387a8a7d3c19888b5a07b5897f344be8e4364d5f5130f257715ad2a97fca

  • SHA512

    e6abac83f4e29cd344d22bde4a0835917c0e6636888f17394dca4ac7632f79cbc66ed25d800cb58aea46009a5d26cab847efd864a87972cb42512f1cc43cb7dc

  • SSDEEP

    98304:fcEeb0vNmYtGKMlmlywp5zE4LMXNoyhEqf+swZc8XRn:EEeb0vvAKMlmgwp244dphW9ZxRn

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

9-12

C2

crostech.ru:4782

Mutex

0676955f-264f-4ab3-b171-6c6abc3ad662

Attributes
  • encryption_key

    DD459BB92A43EF8EEB2FE401C8453F685AECE590

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Долговая нагрузка.exe

    • Size

      3.7MB

    • MD5

      a6be8a62c7f7d595db6ac9dc6e93da02

    • SHA1

      5f2e5d543b91a01055ab1263611c9df49e2a5e45

    • SHA256

      4fa2387a8a7d3c19888b5a07b5897f344be8e4364d5f5130f257715ad2a97fca

    • SHA512

      e6abac83f4e29cd344d22bde4a0835917c0e6636888f17394dca4ac7632f79cbc66ed25d800cb58aea46009a5d26cab847efd864a87972cb42512f1cc43cb7dc

    • SSDEEP

      98304:fcEeb0vNmYtGKMlmlywp5zE4LMXNoyhEqf+swZc8XRn:EEeb0vvAKMlmgwp244dphW9ZxRn

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks