General
-
Target
burppack3-2024.rar
-
Size
208.5MB
-
Sample
241216-sa83qatqap
-
MD5
e46b7a7c74936da5eeaccc0673bc3a48
-
SHA1
8121ce377b5c55f198b3cafa4f9e7ad75ee187d1
-
SHA256
fe894016f94b60553d9138137f52578c6433fd74a73ad89ab8b44557fc0c3325
-
SHA512
1c2690620c5427420ce7e0f48c67082d513a19695a185dbfbc4b165bb36f4f3132e63c336c562c01889a349df3d9c11bbb0306856ea1365a93d14cf50334c51a
-
SSDEEP
6291456:UqR1PHJG2ESQZlZ0GZSAaXnHLvWYhF9uFemAuWqIVxjZW3w:UYJpnOZlZ0GZSAaXnHBuAmAIIHZww
Static task
static1
Behavioral task
behavioral1
Sample
burppack3-2024.rar
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
Read-me.txt
Resource
win11-20241007-en
Malware Config
Extracted
quasar
1.3.0.0
data
datalett.ddns.net:4444
QSR_MUTEX_hzYSE6QTCu4NH4iCzb
-
encryption_key
CQFMtoja6aYivVz7BMEo
-
install_name
svhostt.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
svhostt
-
subdirectory
SubDir
Targets
-
-
Target
burppack3-2024.rar
-
Size
208.5MB
-
MD5
e46b7a7c74936da5eeaccc0673bc3a48
-
SHA1
8121ce377b5c55f198b3cafa4f9e7ad75ee187d1
-
SHA256
fe894016f94b60553d9138137f52578c6433fd74a73ad89ab8b44557fc0c3325
-
SHA512
1c2690620c5427420ce7e0f48c67082d513a19695a185dbfbc4b165bb36f4f3132e63c336c562c01889a349df3d9c11bbb0306856ea1365a93d14cf50334c51a
-
SSDEEP
6291456:UqR1PHJG2ESQZlZ0GZSAaXnHLvWYhF9uFemAuWqIVxjZW3w:UYJpnOZlZ0GZSAaXnHBuAmAIIHZww
Score1/10 -
-
-
Target
Read-me.txt
-
Size
79B
-
MD5
4d95d65bae99fc01b6525c3fabcef7d2
-
SHA1
c363cee70aef9b36aa7e8764e42a8f24d056a3ca
-
SHA256
e947678ddca921f4d1c34505b4e944cb175001491a0211633be78ba15208973a
-
SHA512
f9aec8f5ce501f7e32f498cbfa6f6b2d12647ff164a7b0e951052b609921a0971e08d42270024f58767cbdbaabbbb00fc59e8737bdbe9abc54976f4e1d8ec011
Score3/10 -
-
-
Target
burpsuite2.2.3.EXE
-
Size
208.5MB
-
MD5
460086865d75f8d8f8d54e742d0656b0
-
SHA1
cd71c90b408830ae89b48a3461024dc95a940f3b
-
SHA256
b488a4eb81c8327a60690f68d767016b3197341917faacc0b398fce5d0dac4ac
-
SHA512
c961d1f9733925823b5308aff2e53f5446f9c43689f861c1c88f0e13726b6be8f053d59b35ae6a55fe3d1ff02336a942a432dc2bc9b8b55aa5fda421aa88fded
-
SSDEEP
3145728:71osewEwZ01WNfNh32OWCkJoCGGz3xdjEFlv6xIirbJuecrstRyRBRfSqa2tErKl:+3YtmOWCkh3PjGl8bJcA8HKWEuxp5HT
-
Quasar family
-
Quasar payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1