General

  • Target

    Java.exe

  • Size

    3.3MB

  • Sample

    241218-halx3symdq

  • MD5

    f29f701e76e3a435acdd474a41fa60ba

  • SHA1

    10f06b6fc259131d8b6a5423972a1e55b62ce478

  • SHA256

    9cd175451c10b5f9e2dc3987f986b33a0a35294d47826dfde104171e65b84fba

  • SHA512

    0d5088f4f685b6d29edec7cc7e8bfe7c594fa6b3fde2a6b11ee977455d6fe088e04e899203171ff519cf9d2b5a78231f3650774cc17824219f43f947d13a86e9

  • SSDEEP

    49152:gvmI22SsaNYfdPBldt698dBcjHinQ1CGarv2oGdUBTHHB72eh2NT:gvr22SsaNYfdPBldt6+dBcjH6yCO

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Java

C2

dez3452-33187.portmap.host:33187

Mutex

f0e53bcd-851e-44af-8fd5-07d8ab5ed968

Attributes
  • encryption_key

    65439CE7DEF3E0FAF01C526FEA90388C9FD487A1

  • install_name

    java.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    java ©

  • subdirectory

    Programfiles

Targets

    • Target

      Java.exe

    • Size

      3.3MB

    • MD5

      f29f701e76e3a435acdd474a41fa60ba

    • SHA1

      10f06b6fc259131d8b6a5423972a1e55b62ce478

    • SHA256

      9cd175451c10b5f9e2dc3987f986b33a0a35294d47826dfde104171e65b84fba

    • SHA512

      0d5088f4f685b6d29edec7cc7e8bfe7c594fa6b3fde2a6b11ee977455d6fe088e04e899203171ff519cf9d2b5a78231f3650774cc17824219f43f947d13a86e9

    • SSDEEP

      49152:gvmI22SsaNYfdPBldt698dBcjHinQ1CGarv2oGdUBTHHB72eh2NT:gvr22SsaNYfdPBldt6+dBcjH6yCO

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks