General

  • Target

    2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe

  • Size

    341KB

  • Sample

    241218-jq8x8a1pfn

  • MD5

    b8507ead18b15a807cafd59c14315120

  • SHA1

    0035b089f47d010865b1792e1e8b3774e292f710

  • SHA256

    2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ec

  • SHA512

    80257e8a53e173cd218bb48c9b7cfad6dddb99234c2babef4b0ae1e219b42e1ef47a4851210aa5ec3a52e82da4412b488142ec4d4345e65fa8e7385eb5b655ce

  • SSDEEP

    6144:oLRmi19KZRIo4sY7d+nTzTzTFPsWo2bMmIo7+vfep0:m19KIonkditIoufI0

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.3.0.0

  • Botnet

    CHAMUTLDA

  • C2

    xowite7203-56864.portmap.host:56864

  • Mutex

    QSR_MUTEX_b1MzVBeB2fgsMGAB8R

Attributes

  • encryption_key

    A4r7dFvwva7oUnxJWxHI

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System

  • subdirectory

    System32

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks