General

  • Target

    Windows-Activation.exe

  • Size

    3.1MB

  • Sample

    241219-3yvv4stmfs

  • MD5

    ae747de0584eeab55957aa8ec12ba488

  • SHA1

    41483b8e1ff488a546e08de74ac09300fe63c80b

  • SHA256

    300bad38953dd87cda952bb60f1999a5ea1f9c0f64a3f0f842633b982b15194b

  • SHA512

    f744156f05ebe0adbbe0e3973783e60e0d2b98ea8c33a147f0e1afe1cdd749b994453b7da4f8c45c73af0569453f85dacddde57820aa1f9a94e3f7350445b68c

  • SSDEEP

    49152:evBt62XlaSFNWPjljiFa2RoUYIRetwHBxjooGd33THHB72eh2NT:evr62XlaSFNWPjljiFXRoUYIyw4

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Svchost.exe

  • C2

    192.168.1.190:4782

  • Mutex

    75ec4d04-9201-465b-9d52-07fbf8901610

Attributes

  • encryption_key

    BC9F0EB6E1FA6B8559DDF8DE0AEF08110EBCF8E5

  • install_name

    Svchostt.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Svchostt.exe

Targets

    • Target

      Windows-Activation.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
