General

  • Target

    5635d897dd5b3ee97bf94e1ad08de46ee35776fb5095baa3c89396b51658eb2b.exe

  • Size

    3.1MB

  • Sample

    241219-eyg29axpds

  • MD5

    2fbabfd67d127a2e7c317b0f92ff82bb

  • SHA1

    a57aaecb6f20306c20dd169c674278e53bf19f41

  • SHA256

    5635d897dd5b3ee97bf94e1ad08de46ee35776fb5095baa3c89396b51658eb2b

  • SHA512

    c9646395bab0457c4524c0e1d078cd3662da2d32f15f37087fc8a47f7134685b536916affd3aee2b58c8aca5b18b6981d923296e7ab27592872d82799d38e145

  • SSDEEP

    49152:7vTz92YpaQI6oPZlhP3ReybewoqC01JWRoGdl2XTHHB72eh2NTB:7vn92YpaQI6oPZlhP3YybewoqCZ5

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

SGVP

C2

192.168.1.9:4782

150.129.206.176:4782

Ai-Sgvp-33452.portmap.host:33452

(192.168.1.9 is an RFC 1918 address, so that entry is only reachable on the operator's own LAN and is not usable for perimeter blocking; the portmap.host name is a port-forwarding relay, so it points at the relay service rather than at the operator's real address. The public IP and the relay hostname are the actionable network indicators.)

Mutex

eeeb55fc-ba05-43e4-97f6-732f35b891b4

Attributes
  • encryption_key

    09BBDA8FF0524296F02F8F81158F33C0AA74D487

  • install_name

    User Application Data.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

Windowns Client Startup

(value as extracted; the misspelling is in the sample, not a transcription error)

  • subdirectory

    Quasar
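
As an added example (not part of this sandbox report), the following Python turns the extracted configuration into checks a responder can run over host and network telemetry: it matches the install path, Run-key value name, mutex and C2 endpoints against Sysmon-style events, counts connections to one destination spaced at the configured reconnect_delay (3000 ms), and separates the C2 entries that are reachable from the internet from the RFC 1918 one. The telemetry lines are constructed for the demo and are not sandbox output; the %APPDATA% install base is an assumption, since the report lists only the subdirectory and file name, so paths are matched on their suffix.

```python
"""IOC checks derived from the Quasar config extracted above.
Added example, not part of the sandbox report. CONFIG holds the page's values;
TELEMETRY is constructed for the demo. The %APPDATA% install base is an
assumption (the report gives only subdirectory and file name), so paths are
matched on their suffix."""
import ipaddress
from datetime import datetime

CONFIG = {
    "c2": ["192.168.1.9:4782", "150.129.206.176:4782", "Ai-Sgvp-33452.portmap.host:33452"],
    "mutex": "eeeb55fc-ba05-43e4-97f6-732f35b891b4",
    "install_name": "User Application Data.exe",
    "subdirectory": "Quasar",
    "startup_key": "Windowns Client Startup",   # misspelling is in the sample
    "reconnect_delay_ms": 3000,
}

# Constructed Sysmon-style events: "<timestamp> <kind> <detail>" (not real sandbox data).
TELEMETRY = """\
2024-12-19T14:03:01Z FileCreate C:\\Users\\bob\\AppData\\Roaming\\Quasar\\User Application Data.exe
2024-12-19T14:03:02Z RegistryValueSet HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Windowns Client Startup
2024-12-19T14:03:02Z MutexCreate \\Sessions\\1\\BaseNamedObjects\\eeeb55fc-ba05-43e4-97f6-732f35b891b4
2024-12-19T14:03:03Z NetworkConnect 150.129.206.176:4782
2024-12-19T14:03:06Z NetworkConnect 150.129.206.176:4782
2024-12-19T14:03:09Z NetworkConnect 150.129.206.176:4782
2024-12-19T14:03:12Z NetworkConnect 150.129.206.176:4782
2024-12-19T14:05:00Z NetworkConnect 93.184.216.34:443
"""


def parse_events(text):
    """Parse "<timestamp> <kind> <detail>" lines into (datetime, kind, detail) tuples."""
    events = []
    for line in text.splitlines():
        ts, kind, detail = line.split(maxsplit=2)
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kind, detail))
    return events


def match_static_iocs(events, cfg=CONFIG):
    """Match the extracted install path, Run-key name, mutex and C2 endpoints.
    Returns {ioc: [matching event detail, ...]}."""
    install_tail = (cfg["subdirectory"] + "\\" + cfg["install_name"]).lower()
    run_tail = "\\" + cfg["startup_key"].lower()
    c2_set = {c.lower() for c in cfg["c2"]}
    hits = {"install_path": [], "startup_key": [], "mutex": [], "c2": []}
    for _ts, kind, detail in events:
        d = detail.lower()
        if kind == "FileCreate" and d.endswith(install_tail):
            hits["install_path"].append(detail)
        elif kind == "RegistryValueSet" and d.endswith(run_tail):
            hits["startup_key"].append(detail)
        elif kind == "MutexCreate" and d.endswith(cfg["mutex"].lower()):
            hits["mutex"].append(detail)
        elif kind == "NetworkConnect" and d in c2_set:
            hits["c2"].append(detail)
    return hits


def reconnect_beacons(events, cfg=CONFIG, tolerance_s=1.0):
    """Count back-to-back connections to one destination spaced at about
    reconnect_delay (3000 ms here): an unreachable C2 makes the client retry
    on that cadence. Returns {destination: number_of_matching_intervals}."""
    expected = cfg["reconnect_delay_ms"] / 1000.0
    last_seen, counts = {}, {}
    for ts, kind, detail in events:
        if kind != "NetworkConnect":
            continue
        if detail in last_seen:
            gap = (ts - last_seen[detail]).total_seconds()
            if abs(gap - expected) <= tolerance_s:
                counts[detail] = counts.get(detail, 0) + 1
        last_seen[detail] = ts
    return counts


def routable_c2s(cfg=CONFIG):
    """Split C2 entries into internet-routable ones and RFC 1918 ones (only
    reachable on the operator's LAN). Hostnames count as routable here because
    judging them would need DNS resolution."""
    routable, lan_only = [], []
    for entry in cfg["c2"]:
        host = entry.rpartition(":")[0]
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:          # hostname, e.g. the portmap.host relay
            routable.append(entry)
            continue
        (lan_only if ip.is_private else routable).append(entry)
    return routable, lan_only


def triage(text, cfg=CONFIG):
    """Run every check over one telemetry blob and summarise the result."""
    events = parse_events(text)
    hits = match_static_iocs(events, cfg)
    routable, lan_only = routable_c2s(cfg)
    return {
        "static_hits": {k: len(v) for k, v in hits.items()},
        "beacons": reconnect_beacons(events, cfg),
        "routable_c2": routable,
        "lan_only_c2": lan_only,
    }
```

Running `triage(TELEMETRY)` on the constructed events reports one hit each for the install path, Run-key name and mutex, four connections to 150.129.206.176:4782 of which three consecutive pairs sit on the 3-second reconnect cadence, and 192.168.1.9:4782 as the LAN-only C2. The suffix matching on paths and registry values is deliberate: the builder chooses the install base, so a rule pinned to %APPDATA% would miss a variant installed under Program Files.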

Targets

    • Target

      5635d897dd5b3ee97bf94e1ad08de46ee35776fb5095baa3c89396b51658eb2b.exe

    • Size

      3.1MB

    • MD5

      2fbabfd67d127a2e7c317b0f92ff82bb

    • SHA1

      a57aaecb6f20306c20dd169c674278e53bf19f41

    • SHA256

      5635d897dd5b3ee97bf94e1ad08de46ee35776fb5095baa3c89396b51658eb2b

    • SHA512

      c9646395bab0457c4524c0e1d078cd3662da2d32f15f37087fc8a47f7134685b536916affd3aee2b58c8aca5b18b6981d923296e7ab27592872d82799d38e145

    • SSDEEP

      49152:7vTz92YpaQI6oPZlhP3ReybewoqC01JWRoGdl2XTHHB72eh2NTB:7vn92YpaQI6oPZlhP3YybewoqCZ5

    • Quasar RAT

      Quasar is an open-source .NET remote access tool (RAT); the configuration above was extracted from the sample's embedded settings.

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15
