General

  • Target

    ConnectToServer.exe

  • Size

    3.1MB

  • Sample

    250115-chqy4sxjgs

  • MD5

    622f266e2d1ca12b98a9f553bc38f366

  • SHA1

    7c042256bf6f26ef421012a9dcd23b5cec63b738

  • SHA256

    37c354b78bac35fcb8ea01381e4bbc0013c3d462414c2246a26797790362b50a

  • SHA512

    23f704937ac1ae19edf5215474da6a31411b94dfc6572d45cb51a6fd6fbd464cb39d59eaaee7c12dc890d29177f3abe3e85c87693dc4f8d3f5f0b351a2a855d9

  • SSDEEP

    49152:DvCI22SsaNYfdPBldt698dBcjHLb4OZjDvJuJoGdinTHHB72eh2NT:DvP22SsaNYfdPBldt6+dBcjHPjQS

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

hi-tin.gl.at.ply.gg:14413

Mutex

a7a63354-73e8-4f60-93c0-dfe7bb74afe3

Attributes
  • encryption_key

    00B725E3944DCC9CC2ADDC0820F57FE1981B6AC6

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      ConnectToServer.exe

    • Size

      3.1MB

    • MD5

      622f266e2d1ca12b98a9f553bc38f366

    • SHA1

      7c042256bf6f26ef421012a9dcd23b5cec63b738

    • SHA256

      37c354b78bac35fcb8ea01381e4bbc0013c3d462414c2246a26797790362b50a

    • SHA512

      23f704937ac1ae19edf5215474da6a31411b94dfc6572d45cb51a6fd6fbd464cb39d59eaaee7c12dc890d29177f3abe3e85c87693dc4f8d3f5f0b351a2a855d9

    • SSDEEP

      49152:DvCI22SsaNYfdPBldt698dBcjHLb4OZjDvJuJoGdinTHHB72eh2NT:DvP22SsaNYfdPBldt6+dBcjHPjQS

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks