General

  • Target

    1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1.exe

  • Size

    3.1MB

  • Sample

    241217-cqtd7sxlfy

  • MD5

    7aa529f2db5a30ed1b868c90e872ec57

  • SHA1

    f384f3c375411eea2c72cdc15c6252102535656a

  • SHA256

    1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1

  • SHA512

    404f3ba56677f362129b8352f0585e13f86e8f6a6570ca1deaed9551f01fea43b523d0318e314d5d99b371a2c44ac8ed9a4dae19788b10df325147b17d0a2120

  • SSDEEP

    49152:avht62XlaSFNWPjljiFa2RoUYIb3RJ6PbR3LoGdarTHHB72eh2NT:avL62XlaSFNWPjljiFXRoUYIb3RJ6h

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

0.tcp.us-cal-1.ngrok.io:15579

Mutex

11bbf22e-826e-486b-b024-adbd86228a9e

Attributes
  • encryption_key

    7A589EDBC6A581E125BF830EF0D05FC74BB75E30

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    ctfmon

  • subdirectory

    SubDir

Targets

    • Target

      1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1.exe

    • Size

      3.1MB

    • MD5

      7aa529f2db5a30ed1b868c90e872ec57

    • SHA1

      f384f3c375411eea2c72cdc15c6252102535656a

    • SHA256

      1df46d513e053da3765c3b5572fda399872f69f734a8eaf9345948a6331eefa1

    • SHA512

      404f3ba56677f362129b8352f0585e13f86e8f6a6570ca1deaed9551f01fea43b523d0318e314d5d99b371a2c44ac8ed9a4dae19788b10df325147b17d0a2120

    • SSDEEP

      49152:avht62XlaSFNWPjljiFa2RoUYIb3RJ6PbR3LoGdarTHHB72eh2NT:avL62XlaSFNWPjljiFXRoUYIb3RJ6h

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks