General

  • Target

    Mono.exe

  • Size

    14KB

  • Sample

    241230-d83ahaxkaq

  • MD5

    db7b0a5a3a54e83200368927b5f3a007

  • SHA1

    5cb156def2a964f7551a6036ec7af1d8afea4cb2

  • SHA256

    4902cfc6d7899675fad895da3fdc49f383c5ce0b126986a20c2b29e1382fc1ed

  • SHA512

    79636f827d951ee566ffccd79372a18ee07ba178e54c0421211b54a1ea33c9fc7e5522093bd4abf1a9794a7a0ab9dd7bd3913aec995b819ab588e26373e39009

  • SSDEEP

    384:iYAlQqV70tSM1z5zj7Ez48jQKira3lyjcoEwjZ2V8E+d4fjxAd:UMkzDHlmQKn/d

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper: https://captcha.cam/file.b64

Extracted

Family

quasar

Version

1.4.1

Botnet

28

C2

194.26.192.167:2768

Mutex

859d5f90-e2d0-4b2d-ba9f-5371df032ec2

Attributes
  • encryption_key

    BE2B0B270E4DB19CAA5C42E9D2EBF64645A2D055

  • install_name

    RuntimeBroker.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    RuntimeBroker

  • subdirectory

    RuntimeBroker

Targets

    • Target

      Mono.exe

    • Size

      14KB

    • MD5

      db7b0a5a3a54e83200368927b5f3a007

    • SHA1

      5cb156def2a964f7551a6036ec7af1d8afea4cb2

    • SHA256

      4902cfc6d7899675fad895da3fdc49f383c5ce0b126986a20c2b29e1382fc1ed

    • SHA512

      79636f827d951ee566ffccd79372a18ee07ba178e54c0421211b54a1ea33c9fc7e5522093bd4abf1a9794a7a0ab9dd7bd3913aec995b819ab588e26373e39009

    • SSDEEP

      384:iYAlQqV70tSM1z5zj7Ez48jQKira3lyjcoEwjZ2V8E+d4fjxAd:UMkzDHlmQKn/d

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks