General

  • Target

    https://cdn.discordapp.com/attachments/1294340651575541884/1318993323024846943/picgnp.scr?ex=676457c1&is=67630641&hm=9b669ca6030e1ce5b855d034bfd60486448feab2de1dee98bd5a91f14c6ca4d4&

  • Sample

    241218-wa41jswqc1

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Image

C2

192.168.56.1:4782

Mutex

312bce56-67e9-4c48-a27a-de306b9dad89

Attributes
  • encryption_key

    691E85B569FC3C88790A081979AAACDC8A8F7C98

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      https://cdn.discordapp.com/attachments/1294340651575541884/1318993323024846943/picgnp.scr?ex=676457c1&is=67630641&hm=9b669ca6030e1ce5b855d034bfd60486448feab2de1dee98bd5a91f14c6ca4d4&

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks
