General

  • Target

    Client-built.bat

  • Size

    1.6MB

  • Sample

    241224-ft3c3askan

  • MD5

    a7aa482ba1ee0ea8d147d628d5a65f05

  • SHA1

    91e3a640c294a36697d9759a29072fdb4ab62346

  • SHA256

    79173bee83878cae44d9fc21fa85590711a92edc2d43caafb1350eb2800e72d7

  • SHA512

    a27dae71d85910609682cc324d4c4cf5c2e772f0a57209d2fbdc3e345538487d1262148b01b16df8cfb52c3c2a72ae04eb381f7dcf33d77c01d532d421e93a32

  • SSDEEP

    24576:tkjkTu1rkvOjvCsDjTprQ50JDzRj2umzby88rBFjB9a/In5PJBmpR4JRej08SG84:t859kWf+gEJe8yBBl+pIVX4

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

85.209.133.15:111

Mutex

4427abb1-66d5-405b-a340-061f8386d8c1

Attributes
  • encryption_key

    A0083941CFC8C27C9F733BBA0ECD4E4B76BD61E8

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.bat

    • Quasar RAT

      Quasar is an open-source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.
