General

  • Target

    55c5b0b62609618558f51c5f35380291a4337cae8b14e65dd5ce7b226e9e4096.exe

  • Size

    4.7MB

  • Sample

    241219-nl53zssqgn

  • MD5

    2884a477526c8308e9492845449e7e55

  • SHA1

    eee9ad47bffe627c71529e81bf9daaf95ee3df30

  • SHA256

    55c5b0b62609618558f51c5f35380291a4337cae8b14e65dd5ce7b226e9e4096

  • SHA512

    d4e3694af590f82a1464e403c05c4f7ed34dcd9a91b5b4930d72ae406625952f332b22f3a15aba4a2a412b1967ccb09a7383d2c4140752a1b296e9326f89b5f3

  • SSDEEP

    98304:nTPuv0E+GYYL6xaCOW01gjUYGpriBENypxqD4TIuCrRsr/mmubvhgLHbsdlR9fCp:TmcyhqatWTwrspxC4TIfir/mpbOsdlRK

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Viltrac

C2

51.15.17.193:4782

Mutex

d099b659-69af-41e2-9d7f-a5e64da5be06

Attributes
  • encryption_key

    97599F6E5D14A784CC4DD36B18A277119042FDA8

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

