General

  • Target

    JaffaCakes118_677b229363785a056c131021f5bd3ff397134900fd99ae5638bb4323c3a2683c

  • Size

    797.4MB

  • Sample

    241223-x8hqmsymby

  • MD5

    bf343479bb9e49e059a60dffe08cd298

  • SHA1

    8abf3621a47c868384573ca31501b2512b8c5c37

  • SHA256

    677b229363785a056c131021f5bd3ff397134900fd99ae5638bb4323c3a2683c

  • SHA512

    cb243a6de80ece274fb425e89638515f54d3a2c48bce19483f6f316c8e16ef7908ef41df1e9a41b61e1c63ae97d302bce9d6f74f41ef5bf1fed339d989f48573

  • SSDEEP

    25165824:XVeXzg9IZaBWvGHc3UJ8N1qKLLIgBjcBOCTty0VPcev5+AhroqrVK2Tw5pKOrb0i:XVeXzg9IZaBWvGHc3UJ8N1qKLLIgBjca

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

test

C2

91.109.178.8:7070

Mutex

d933480a-c837-40f6-9fb3-c6401087e068

Attributes
  • encryption_key

    2C0C62BDD42E42BC77F98F8E1EE713B43F791267

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir
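
The configuration above is enough to build host and network checks for this build of the client. The following is an added example written for this page, not code from the report or from the Quasar project. It copies the extracted values verbatim and runs them over a constructed host snapshot (mutex list, Run-key values, outbound connection attempts) that is not taken from the report. Two assumptions are labelled in the code: the install base directory is a builder choice the report does not record, so only the `SubDir\Client.exe` tail is matched; and the retry cadence check assumes the client sleeps roughly reconnect_delay (plus a small jitter) between failed connection attempts.

```python
# Added example: turn the Quasar config extracted in this report into
# host and network checks. Illustrative code, not part of the report
# and not Quasar's own code.

# Values copied verbatim from the "Malware Config" section of this report.
QUASAR_CONFIG = {
    "c2_host": "91.109.178.8",
    "c2_port": 7070,
    "mutex": "d933480a-c837-40f6-9fb3-c6401087e068",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Quasar Client Startup",
    "reconnect_delay_ms": 3000,
}

# Constructed host telemetry for the demo (not taken from the report).
HOST_MUTEXES = [
    "Global\\WindowsUpdateSession",
    "d933480a-c837-40f6-9fb3-c6401087e068",
]
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run: value name -> command.
RUN_KEY_VALUES = {
    "OneDrive": "C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background",
    "Quasar Client Startup": "\"C:\\Users\\victim\\AppData\\Roaming\\SubDir\\Client.exe\"",
}
# Constructed outbound connection attempts: (timestamp_ms, dst_ip, dst_port).
CONNECTIONS = [
    (0, "91.109.178.8", 7070),
    (1200, "13.107.42.16", 443),
    (3400, "91.109.178.8", 7070),
    (6900, "91.109.178.8", 7070),
    (10200, "91.109.178.8", 7070),
    (13800, "91.109.178.8", 7070),
]


def match_host_indicators(cfg, mutexes, run_values):
    """Return the config-derived indicators present in the host snapshot."""
    hits = {}
    if cfg["mutex"] in mutexes:
        hits["mutex"] = cfg["mutex"]
    # The client registers its Run value under the configured startup_key.
    command = run_values.get(cfg["startup_key"])
    if command is not None:
        hits["run_key"] = command
    # Assumption: the install base directory is not in the report, so only
    # the <subdirectory>\<install_name> tail of the path is matched.
    tail = f"\\{cfg['subdirectory']}\\{cfg['install_name']}".lower()
    for command in run_values.values():
        if tail in command.lower():
            hits["install_path"] = command
    return hits


def c2_retry_intervals(connections, cfg):
    """Milliseconds between consecutive attempts to reach the configured C2."""
    stamps = sorted(
        t for t, ip, port in connections
        if ip == cfg["c2_host"] and port == cfg["c2_port"]
    )
    return [later - earlier for earlier, later in zip(stamps, stamps[1:])]


def reconnect_match_ratio(intervals, delay_ms, jitter_ms=1000):
    """Fraction of gaps that fall in [delay_ms, delay_ms + jitter_ms].

    Assumption: a client that cannot reach its C2 sleeps reconnect_delay
    (plus a small random jitter) before the next attempt, so the gaps
    between attempts cluster just above delay_ms.
    """
    if not intervals:
        return 0.0
    matching = sum(1 for gap in intervals if delay_ms <= gap <= delay_ms + jitter_ms)
    return matching / len(intervals)


if __name__ == "__main__":
    found = match_host_indicators(QUASAR_CONFIG, HOST_MUTEXES, RUN_KEY_VALUES)
    gaps = c2_retry_intervals(CONNECTIONS, QUASAR_CONFIG)
    ratio = reconnect_match_ratio(gaps, QUASAR_CONFIG["reconnect_delay_ms"])
    print("host indicators:", found)
    print("C2 retry gaps (ms):", gaps, "match ratio:", ratio)
```

On a real host the mutex list comes from a handle enumeration, the Run values from the registry, and the connection attempts from EDR or firewall logs; the matching logic is unchanged. The cadence check is only meaningful while the C2 is unreachable (the client otherwise holds one persistent TCP session), which is exactly the state of a sandbox or a blocked network.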

Targets

    The sixteen target files shown on this page are one and the same 3.1MB binary under different file names: every entry has identical size, MD5, SHA1, SHA256, SHA512 and SSDEEP, and every entry triggers the same signatures. The shared values are listed once below, followed by the file names.

    • Size

      3.1MB

    • MD5

      e35e3f1f51f82cb73c7b70451878c263

    • SHA1

      764f6f6c17c5e3e3b88513975c94d635842f1bd8

    • SHA256

      58606efb4cc178df08094a25618cda8a117ee7b06371f2d8ac980bd218d013c9

    • SHA512

      5fcdfd52eb1dd60542563338ec240d4981a25d157d3fbc96be55706f950f48c6433ed87225ac9311308094954227bdca983a11c91472c5c29b860b48be24815b

    • SSDEEP

      49152:PvyI22SsaNYfdPBldt698dBcjHjGVv9ToGdxTHHB72eh2NT:Pvf22SsaNYfdPBldt6+dBcjHjGVvp

    • Quasar RAT

      Quasar is an open-source remote access tool for Windows, written in C#.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Target (file names sharing the hashes above)

      honestly/MyPcGonnaExplode - Copy (10) - Copy - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (10) - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (10) - Copy.exe
      honestly/MyPcGonnaExplode - Copy (10).exe
      honestly/MyPcGonnaExplode - Copy (100) - Copy - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (100) - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (100) - Copy.exe
      honestly/MyPcGonnaExplode - Copy (101) - Copy - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (101) - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (101) - Copy.exe
      honestly/MyPcGonnaExplode - Copy (102) - Copy - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (102) - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (102) - Copy.exe
      honestly/MyPcGonnaExplode - Copy (103) - Copy - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (103) - Copy - Copy.exe
      honestly/MyPcGonnaExplode - Copy (103) - Copy.exe

MITRE ATT&CK Enterprise v15

Tasks

static1

quasar, test
Score
10/10

behavioral1 to behavioral32 (thirty-two tasks with identical tags and score)

quasar, test, spyware, trojan
Score
10/10