General

  • Target

    SGVP Client System.exe

  • Size

    3.1MB

  • Sample

    241217-g92xxatper

  • MD5

    f611f4dd12e51ca7a946f308ebd5e04c

  • SHA1

    2f7d049ec2b3ae6a8113b499d92ebc117eed890c

  • SHA256

    d0ff0914a4014573716701a665b7950e49594452a6a7418a049553f8c7c1be73

  • SHA512

    7057884406612bff108f1e315efacf83a99f1ec725b4496e737a57938b67edf5f23476b8f99395ec9f8ba355a68779fd5a2668b9caf0ca32b8862529eb413b83

  • SSDEEP

    49152:rvuz92YpaQI6oPZlhP3ReybewozV+vJH4RoGdeJYTHHB72eh2NT:rv092YpaQI6oPZlhP3YybewozV+e

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    SGVP

  • C2

    192.168.1.9:4782

    150.129.206.176:4782

    Ai-Sgvp-33452.portmap.host:33452

  • Mutex

    a27420c6-f346-4b84-b7bd-6b3eab5a43cb

Attributes
  • encryption_key

    09BBDA8FF0524296F02F8F81158F33C0AA74D487

  • install_name

    User Application Data.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windowns Client Startup

  • subdirectory

    Quasar

Targets

    • Target

      SGVP Client System.exe

    • Size

      3.1MB

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
