General
-
Target
http://medai.tv
-
Sample
241230-dvvy9swpcy
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
https://captcha.cam/file.b64
Extracted
Family
quasar
Version
1.4.1
Botnet
28
C2
194.26.192.167:2768
Mutex
859d5f90-e2d0-4b2d-ba9f-5371df032ec2
Attributes
-
encryption_key
BE2B0B270E4DB19CAA5C42E9D2EBF64645A2D055
-
install_name
RuntimeBroker.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
RuntimeBroker
-
subdirectory
RuntimeBroker
Targets
-
-
Target
http://medai.tv
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Executes dropped EXE
-