General

  • Target

    7081010e6695eb675cb7a4fe3c27eeeb82cd9f550d1f016eb0e130f0725cb053N.exe

  • Size

    2.8MB

  • Sample

    241216-wmm8kaxnfp

  • MD5

    4a1c798e636efe865b30ec8576fd6200

  • SHA1

    ee37036fd610ebc79cb119b0094143fbb521989b

  • SHA256

    7081010e6695eb675cb7a4fe3c27eeeb82cd9f550d1f016eb0e130f0725cb053

  • SHA512

    60da6dfcfc431855d3316f263c7d0fec8ff363fe55f1847c7ab4ec5095a7f793653849cb2253b1dbb6de8d7d9bb7829a040ebe2e77fb72c2a102e677df63e4a3

  • SSDEEP

    49152:B/mf57XLMVRp8NsPUtugv4p+hfXq9C4RJjMuRGYd34rgReGKw7CKQ3:CMVoscup+hSfRJwtWmPnw7CF

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Plmso

C2

110.42.3.134:4782

Mutex

41ace1c3-9f4e-4d35-93fb-096ede244c3e

Attributes
  • encryption_key

    980DB384AAAF5B8591D5B450BFA39547F61611DC

  • install_name

    System.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System

  • subdirectory

    SubDir

Targets

    • Target

      7081010e6695eb675cb7a4fe3c27eeeb82cd9f550d1f016eb0e130f0725cb053N.exe

    • Size

      2.8MB

    • MD5

      4a1c798e636efe865b30ec8576fd6200

    • SHA1

      ee37036fd610ebc79cb119b0094143fbb521989b

    • SHA256

      7081010e6695eb675cb7a4fe3c27eeeb82cd9f550d1f016eb0e130f0725cb053

    • SHA512

      60da6dfcfc431855d3316f263c7d0fec8ff363fe55f1847c7ab4ec5095a7f793653849cb2253b1dbb6de8d7d9bb7829a040ebe2e77fb72c2a102e677df63e4a3

    • SSDEEP

      49152:B/mf57XLMVRp8NsPUtugv4p+hfXq9C4RJjMuRGYd34rgReGKw7CKQ3:CMVoscup+hSfRJwtWmPnw7CF

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks