General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    241218-g67c8aylbj

  • MD5

    82222cff36f2c338159b23a7f18a4815

  • SHA1

    8beccbb99e38248a080d5de1de8d87617ca428c2

  • SHA256

    033d335780d49949daea53acdb1b3ef162efc4bf02233ca8cd9e8d0a6533c8ea

  • SHA512

    ed1a66e9d925291b14131b129e28e02494d6a174b3abde8d724d35a502f805ef472e5a780d37ce0ed2548a5f7071afbccbbd769ff938e04458d7eb409371ef55

  • SSDEEP

    49152:qUd1/DM2zv8aMlqCPwln5+Hjdh+EuvQ1VeiroGnGTHHB72eh2NTe:qUPrM2zEaMlqCPwln5+Ddh+Zvus

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

rat1

C2

unitedrat.ddns.net:4782

Mutex

5100ab61-a5a5-407f-af55-9e7766b9d637

Attributes
  • encryption_key

    AB7A97D9E0F9B0A44190A0D500EAB7AF37629802

  • install_name

    System32.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System32

  • subdirectory

    System32

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      82222cff36f2c338159b23a7f18a4815

    • SHA1

      8beccbb99e38248a080d5de1de8d87617ca428c2

    • SHA256

      033d335780d49949daea53acdb1b3ef162efc4bf02233ca8cd9e8d0a6533c8ea

    • SHA512

      ed1a66e9d925291b14131b129e28e02494d6a174b3abde8d724d35a502f805ef472e5a780d37ce0ed2548a5f7071afbccbbd769ff938e04458d7eb409371ef55

    • SSDEEP

      49152:qUd1/DM2zv8aMlqCPwln5+Hjdh+EuvQ1VeiroGnGTHHB72eh2NTe:qUPrM2zEaMlqCPwln5+Ddh+Zvus

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks