General

  • Target

    Crunchyroll GEN_.exe

  • Size

    3.1MB

  • Sample

    241222-3fdh4s1qex

  • MD5

    697aba2b3c2bc4028ad287b364101483

  • SHA1

    4024c8f79c0e99f520ee4bbba87fef93e688ab97

  • SHA256

    f65322422149c55e52509d96d6050a36618fd48379b65e340882c5b770370412

  • SHA512

    b231d37d4df57cfe36275f8f1ed2e106dbf6619b295eabcc73518cf016c50860142c28697ac6a4d61973685fd28e37460493da27f153c130df440d1c2a28b5f0

  • SSDEEP

    49152:65tesQb25VTAQ3wv9qspqyyDuVQFKCAdkuwiIak0LfNshLq:6PesQbUVcQAv9IzGKAdkoIhL

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

testTSR

C2

testTSR-35311.portmap.host:35311

Mutex

b1c1e27b-0ae6-47f6-b162-8a3ca61fd7d0

Attributes
  • encryption_key

    3E520C89AF59AB576F107D67332A341C23090C0B

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000 (ms)

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
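The values above are the durable indicators for this Quasar build: the startup_key is the value name the client registers under the Run key, subdirectory and install_name give the tail of the dropped client's path, and the C2 is a hostname on portmap.host, a port-forwarding service, so the hostname and port rather than whatever address it resolves to at the time are what to hunt for. The following Python is an added example, not part of the sandbox report and not Quasar's own code; it turns the extracted config into matchers and runs them over a few constructed Sysmon-style events. Field names follow Sysmon's schema (EventID 1, 3, 11, 13, 22 with Image, DestinationPort, TargetFilename, TargetObject/Details, QueryName); the user name, SID, install base directory, the benign OneDrive entry and the MutexName field (assumed to come from a handle listing folded into the same stream) are invented for the sample.

```python
from __future__ import annotations

import re
from typing import Dict, List

# Indicators copied from the extracted Quasar configuration.
C2_HOST = "testTSR-35311.portmap.host"
C2_PORT = 35311
MUTEX = "b1c1e27b-0ae6-47f6-b162-8a3ca61fd7d0"
INSTALL_NAME = "Client.exe"
SUBDIRECTORY = "SubDir"
STARTUP_KEY = "Quasar Client Startup"

# Quasar's startup option writes a value named startup_key under the Run key
# (HKCU or HKLM depending on privileges), so match on the key suffix only.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
    + re.escape(STARTUP_KEY) + r"$",
    re.IGNORECASE,
)

# The dropped client lives at <install base>\SubDir\Client.exe. The base
# directory is not in the extracted config, so anchor on the tail and allow
# an optional closing quote (Run values are often written quoted).
INSTALL_PATH_RE = re.compile(
    r"\\" + re.escape(SUBDIRECTORY) + r"\\" + re.escape(INSTALL_NAME) + r'"?$',
    re.IGNORECASE,
)


def match_event(event: Dict[str, object]) -> List[str]:
    """Return the indicator labels a single Sysmon-style event satisfies."""
    hits: List[str] = []
    eid = event.get("EventID")
    target_obj = str(event.get("TargetObject", ""))
    details = str(event.get("Details", ""))
    filename = str(event.get("TargetFilename", ""))
    image = str(event.get("Image", ""))
    query = str(event.get("QueryName", "")).lower()

    # EventID 13: registry value set. The Run value name alone is a hit; the
    # value data pointing at the install path is a second, stronger hit.
    if eid == 13 and RUN_KEY_RE.search(target_obj):
        hits.append("persistence:run_key")
        if INSTALL_PATH_RE.search(details):
            hits.append("persistence:run_key_points_to_install_path")

    # EventID 11: file created at the install path (the drop itself).
    if eid == 11 and INSTALL_PATH_RE.search(filename):
        hits.append("drop:install_path")

    # EventID 1: process started from the install path ("Executes dropped EXE").
    if eid == 1 and INSTALL_PATH_RE.search(image):
        hits.append("exec:install_path")

    # EventID 22: DNS query for the C2 hostname. The hostname is the durable
    # indicator; a portmap.host endpoint can resolve to changing addresses.
    if eid == 22 and query == C2_HOST.lower():
        hits.append("c2:dns")

    # EventID 3: outbound connection on the C2 port. Port alone is weak
    # evidence; treat it as corroboration for the DNS hit above.
    if eid == 3 and event.get("DestinationPort") == C2_PORT:
        hits.append("c2:connect_port")

    # Mutex names are not in Sysmon; this field is assumed (hypothetical) to
    # come from a handle listing merged into the same event stream.
    if str(event.get("MutexName", "")).lower() == MUTEX.lower():
        hits.append("host:mutex")

    return hits


def scan(events: List[Dict[str, object]]) -> Dict[int, List[str]]:
    """Map event index -> matched indicators; benign events are omitted."""
    results: Dict[int, List[str]] = {}
    for idx, event in enumerate(events):
        hits = match_event(event)
        if hits:
            results[idx] = hits
    return results


# Constructed sample telemetry (not a real capture): user name, SID and
# install base directory are invented; the OneDrive entry is a benign control.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"EventID": 11,
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\SubDir\Client.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Quasar Client Startup",
     "Details": r'"C:\Users\alice\AppData\Roaming\SubDir\Client.exe"'},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Roaming\SubDir\Client.exe"},
    {"EventID": 22, "QueryName": "testTSR-35311.portmap.host"},
    {"EventID": 3, "DestinationHostname": "", "DestinationPort": 35311},
    {"EventID": 22, "QueryName": "www.crunchyroll.com"},
    {"MutexName": "b1c1e27b-0ae6-47f6-b162-8a3ca61fd7d0"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx].get("EventID", "handle"), hits)
```

Read the hits together rather than individually: a DNS query for the C2 host plus a Run value named "Quasar Client Startup" that points at a `\SubDir\Client.exe` path is high-confidence for this build, while a bare connection to port 35311 or the mutex name alone should only raise priority for a manual look. Sysmon's DestinationHostname comes from reverse lookup and is frequently empty, which is why the code keys the network check on EventID 22 instead.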

Targets

    • Target

      Crunchyroll GEN_.exe

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT) for Windows, written in C#; the configuration extracted above (C2, mutex, install path and startup key) is embedded in the client at build time.

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection (ATT&CK T1027.010).
