Overview

overview

10

Static

static

10

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    250117-dt85ha1mbr

  • MD5

    1c5623527c313f4579073dc072f66d29

  • SHA1

    66b831c9e349c46ea4446e02db80f7e399b4e8dd

  • SHA256

    1eca7997b75df9fe1c05bc5f4160da5e3ce00e1ae69ad0ca46a15ab126e9c453

  • SHA512

    605a2326b86484c889e25caf69f157c454e9ba82598dd9e75238b6a45ae3f90a9a2934d241fe57f1f9ffd7e80d032dfe5d62b03b23e9643760e21fe0e4e0cb15

  • SSDEEP

    49152:3vrI22SsaNYfdPBldt698dBcjHVxRJ6dbR3LoGdcTHHB72eh2NT:3vU22SsaNYfdPBldt6+dBcjHVxRJ6v

Score
10/10
quasaroffsetdiscoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Offset

C2

feb-arrested.gl.at.ply.gg:17830

Mutex

6e42bdfc-2d57-4961-8fe9-d28735513d49

Attributes
  • encryption_key

    CABE6FE0988CAB22AE614AA6065A89402DF1C513

  • install_name

    svchost.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    conhost

  • subdirectory

    Windows

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      1c5623527c313f4579073dc072f66d29

    • SHA1

      66b831c9e349c46ea4446e02db80f7e399b4e8dd

    • SHA256

      1eca7997b75df9fe1c05bc5f4160da5e3ce00e1ae69ad0ca46a15ab126e9c453

    • SHA512

      605a2326b86484c889e25caf69f157c454e9ba82598dd9e75238b6a45ae3f90a9a2934d241fe57f1f9ffd7e80d032dfe5d62b03b23e9643760e21fe0e4e0cb15

    • SSDEEP

      49152:3vrI22SsaNYfdPBldt698dBcjHVxRJ6dbR3LoGdcTHHB72eh2NT:3vU22SsaNYfdPBldt6+dBcjHVxRJ6v

    Score
    10/10
    quasaroffsetspywaretrojandiscovery

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks