Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1320426903097839636/1320475684333948959/Hellfire.rar?ex=6769bc50&is=67686ad0&hm=8ef26812fa3bd983f76bf4aaf08d59b130388ce89b4e535ef45ac8b1f9a0f238&

  • Sample

    241222-ye94gawrhz

Score
10/10
quasarimagediscoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Image

C2

192.168.56.1:4782

Mutex

312bce56-67e9-4c48-a27a-de306b9dad89

Attributes
  • encryption_key

    691E85B569FC3C88790A081979AAACDC8A8F7C98

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      https://cdn.discordapp.com/attachments/1320426903097839636/1320475684333948959/Hellfire.rar?ex=6769bc50&is=67686ad0&hm=8ef26812fa3bd983f76bf4aaf08d59b130388ce89b4e535ef45ac8b1f9a0f238&

    Score
    10/10
    quasarimagediscoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks