General

Target: bde8c6
Size: 10KB
Sample: 241221-bmp2yayrbj
MD5: 79dd35f2ee70740e878eb7de5b491d5b
SHA1: 3c6c5fbc9604bb4881befaba7479818b75646ad7
SHA256: e8992eaf22edb67675f5a3e5714608574b48d319520779ea129fdb1fcfe74ac2
SHA512: 118ff97a8896edd50220af7199a277b06728f4888bf284d9794e4b77b81992f1ee0b5f720e8bdcb32bfb51ce2efe249b8fb6fbce3709c9e3d9619dcfcca012ba
SSDEEP: 192:yWE+KWdSLLL1q7qL5LZLguLaLMLCLCLDLSLkLNpoFnw1hVfUV/J4LhAypHU7At8m:yWE+KWdSPxdNkueQmeXmgxwneVfUV/SN

Static task: static1
Malware Config

Extracted:
quasar
1.4.1
Office04
rolok44419-55109.portmap.host:55109
0bcbf378-c5c6-4d35-b7db-11442a750cf2

encryption_key: A1C7F8E92E515420A946C210E4F8C886810ADBFD
install_name: AnyLoaderV4.9.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: svchost
subdirectory: SubDir
Targets

Target: bde8c6
Size: 10KB
MD5: 79dd35f2ee70740e878eb7de5b491d5b
SHA1: 3c6c5fbc9604bb4881befaba7479818b75646ad7
SHA256: e8992eaf22edb67675f5a3e5714608574b48d319520779ea129fdb1fcfe74ac2
SHA512: 118ff97a8896edd50220af7199a277b06728f4888bf284d9794e4b77b81992f1ee0b5f720e8bdcb32bfb51ce2efe249b8fb6fbce3709c9e3d9619dcfcca012ba
SSDEEP: 192:yWE+KWdSLLL1q7qL5LZLguLaLMLCLCLDLSLkLNpoFnw1hVfUV/J4LhAypHU7At8m:yWE+KWdSPxdNkueQmeXmgxwneVfUV/SN

- Quasar family
- Quasar payload
- A potential corporate email address has been identified in the URL: [email protected]
- Executes dropped EXE