Overview

overview

10

Static

static

10

mango hacks.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mango hacks.exe

  • Size

    3.1MB

  • Sample

    241227-zcxwsszkhl

  • MD5

    ada02d2c2033bb96b3b1d84c647ebb25

  • SHA1

    3d493d4a81501d6da75f961e3be9f1f96782fdfd

  • SHA256

    e3116bcc355108a729cad155297203e861e82f6f41f7042c6aacfb8669f009b0

  • SHA512

    d6377388689ee884d4604794fcbcd660bc45464669d03239ca5558b9d5adf35d61a7d84725901ada1643c1b8947aea669db3d2f862ec5a25919a8d1957b3882c

  • SSDEEP

    49152:bvyI22SsaNYfdPBldt698dBcjHstRJ6NbR3LoGdheDTHHB72eh2NT:bvf22SsaNYfdPBldt6+dBcjHstRJ6f

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.56.1:4782

Mutex

2adfd588-3642-4fab-a4b0-4e5f6d8744eb

Attributes
  • encryption_key

    4F1C49CB2C147CA04D00B7306341D00FE2F78B63

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      mango hacks.exe

    • Size

      3.1MB

    • MD5

      ada02d2c2033bb96b3b1d84c647ebb25

    • SHA1

      3d493d4a81501d6da75f961e3be9f1f96782fdfd

    • SHA256

      e3116bcc355108a729cad155297203e861e82f6f41f7042c6aacfb8669f009b0

    • SHA512

      d6377388689ee884d4604794fcbcd660bc45464669d03239ca5558b9d5adf35d61a7d84725901ada1643c1b8947aea669db3d2f862ec5a25919a8d1957b3882c

    • SSDEEP

      49152:bvyI22SsaNYfdPBldt698dBcjHstRJ6NbR3LoGdheDTHHB72eh2NT:bvf22SsaNYfdPBldt6+dBcjHstRJ6f

    Score
    10/10
    quasaroffice04spywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks