General

  • Target

    friends forever.exe

  • Size

    3.1MB

  • Sample

    241218-1ps9tatpaq

  • MD5

    ea836fb4533514a9a0e7e1b79378844d

  • SHA1

    efda5af5b9ee2d3c6f799e23435a1a4b741232e3

  • SHA256

    6f7eb9b82b545931d07d4763a819578e3161f3df295dfcbf6c831be04ee2e61d

  • SHA512

    c116e25c1c4550b4ba66137b442d2b7f372a0ac0f27f016e4e86e81b7c0d3f43c964fac5e8fe611690ea44d3caf27911a135ee3f4e44d8b872ec48576f68623a

  • SSDEEP

    98304:nvSL26AaNeWgPhlmVqkQ7XSKctFxwnys:vC4SR3x0y

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Click Lover

C2

193.161.193.99:44422

Mutex

98bd51bf-11bf-416b-a912-36f489dfdd26

Attributes
  • encryption_key

    2E11DF8B2B2BF1F6C123C50C37AB3BD9FF752BD5

  • install_name

    Video Application.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Video Application

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory
