General

  • Target

    newwasdwasd.exe

  • Size

    3.1MB

  • Sample

    241225-xry2astjey

  • MD5

    048106e39bf4014d0c3e0481becddb92

  • SHA1

    7f12cc9a25a07a9ff47d34fa53fed13144b07342

  • SHA256

    ef2a326a4226caafa7542e93fc2aa474874907eb369dfca8dea080a4a8fa854d

  • SHA512

    1ff8fbed8e2775f5559ece342c133e8018c9df6ab1ebec66b45312a4ab79f8c275516c1a4fd1cd1d37af7e0382f44a90e3e7e8078790296eb7e793122cee00ff

  • SSDEEP

    49152:7vwhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaQSSMf3VoGdwTHHB72eh2NT:7vit2d5aKCuVPzlEmVQ0wvwfQSj

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

minecraft_updater

C2

98.97.12.133:631

Mutex

182d06ff-972f-4a96-b344-59a01694d374

Attributes
  • encryption_key

    C5904FDD788EA00F921C538B9FE80C0B0A0DE728

  • install_name

    MinecraftUpdater.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    MinecraftUpdater

  • subdirectory

    SubDir

Targets

    • Target

      newwasdwasd.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE
