General

  • Target

    Aimbot MTA.zip

  • Size

    1.1MB

  • Sample

    241228-hcshmswrdp

  • MD5

    daa57cdeeab30823f89e5349b832a817

  • SHA1

    feb679856d7a4a04d5e1a26e741dd6deb5ee0e88

  • SHA256

    129c9712c6553669392a034fc14842a4045df98bb8abce95a6b74ecf9760a4de

  • SHA512

    1403f94c54374a91e8d9e29b594b490ff49c16b4bd404148157e7b2a7eb57beced3459e612045433e3b4a0f78aca93d34fe2f4c198fc5669dee85c139273f376

  • SSDEEP

    24576:3bPC4RI32t9KyRPCKNJrYjWj1JkpsnWvWjI7mBPJiOMSeFAPNuHWE:rKsIm3K8voCApsnBnFJirjSU2E

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes
  • encryption_key

    AEA258EF65BF1786F0F767C0BE2497ECC304C46F

  • install_name

    WindowsUpdate.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    WindowsUpdate

  • subdirectory

    SubDir

Targets

    • Target

      Aimbot MTA.zip

    • Size

      1.1MB

    • MD5

      daa57cdeeab30823f89e5349b832a817

    • SHA1

      feb679856d7a4a04d5e1a26e741dd6deb5ee0e88

    • SHA256

      129c9712c6553669392a034fc14842a4045df98bb8abce95a6b74ecf9760a4de

    • SHA512

      1403f94c54374a91e8d9e29b594b490ff49c16b4bd404148157e7b2a7eb57beced3459e612045433e3b4a0f78aca93d34fe2f4c198fc5669dee85c139273f376

    • SSDEEP

      24576:3bPC4RI32t9KyRPCKNJrYjWj1JkpsnWvWjI7mBPJiOMSeFAPNuHWE:rKsIm3K8voCApsnBnFJirjSU2E

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks