General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    241217-hbr6gssre1

  • MD5

    be5735282826036dcacc522c081365a0

  • SHA1

    310bba5786ba8a4087cb8045ea699279a434a818

  • SHA256

    78fe9f9cac3e4d5cf653be4475c8f247d4803379365dd44320716ea7384a8c11

  • SHA512

    0fecccb5dd1ecfc0eba3dc89e078b2210ea6299d0f60cdd7bade885872cd07f6bbf041b98924054b71d35d94e56e3004ac825c5f2f9feb7f18758fad25c3b2f3

  • SSDEEP

    49152:eviI22SsaNYfdPBldt698dBcjHq1SQoGv5lpTHHB72eh2NT:evv22SsaNYfdPBldt6+dBcjHq19x

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

193.161.193.99:43242

Mutex

45bfb701-bea2-411a-948d-9a6abe001f83

Attributes
  • encryption_key

    80594967BC0A4839C316A44D62DE36E9BF18177F

  • install_name

    SYSTEM26.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      be5735282826036dcacc522c081365a0

    • SHA1

      310bba5786ba8a4087cb8045ea699279a434a818

    • SHA256

      78fe9f9cac3e4d5cf653be4475c8f247d4803379365dd44320716ea7384a8c11

    • SHA512

      0fecccb5dd1ecfc0eba3dc89e078b2210ea6299d0f60cdd7bade885872cd07f6bbf041b98924054b71d35d94e56e3004ac825c5f2f9feb7f18758fad25c3b2f3

    • SSDEEP

      49152:eviI22SsaNYfdPBldt698dBcjHq1SQoGv5lpTHHB72eh2NT:evv22SsaNYfdPBldt6+dBcjHq19x

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.