General

  • Target

    516e463e2ea077d24cf12f4e3d8a886b99948497cb2eb1fe9a73ca0d61eea32e.exe

  • Size

    3.4MB

  • Sample

    241220-evdknaznfq

  • MD5

    9a1361570008e75a9a8c6c93b8ea9a68

  • SHA1

    66852a8ff188d2003cb0a5c5b3b6d7659719c18c

  • SHA256

    516e463e2ea077d24cf12f4e3d8a886b99948497cb2eb1fe9a73ca0d61eea32e

  • SHA512

    88c39ba29172e236eaa32c1ac531975dc952d36556b7f3d3eb2faa3c9ffe0a39f7f3e4b2a1ae22664f86df41fddef5046d9ded2b522bd9848e5aaa58170889d5

  • SSDEEP

    49152:GvblL26AaNeWgPhlmVqvMQ7XSKidzYAfqoGd7THHB72eh2NT:GvBL26AaNeWgPhlmVqkQ7XSK4zYAy

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

70.34.210.80:4782

192.168.1.203:4782

Mutex

0d965223-b478-41be-af32-ad5a13d78eba

Attributes
  • encryption_key

    EBD92C218F947CFB9F2E27885F8DFFEAE9079F05

  • install_name

    MSWinpreference.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Skype

  • subdirectory

    SubDir

Targets

    • Target

      516e463e2ea077d24cf12f4e3d8a886b99948497cb2eb1fe9a73ca0d61eea32e.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks
