Overview

overview

10

Static

static

10

ligma_menu.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ligma_menu.exe

  • Size

    3.1MB

  • Sample

    250118-3gtxgsyjgv

  • MD5

    5d585eaddfaddd8dad1d752c0bbaa34a

  • SHA1

    f42906d58c5a404cdc349b7a98c087c1e500b21b

  • SHA256

    b37cf25cf1b1df68f13bba06d62439fde48b2b08156691baf36b1506a6242d0f

  • SHA512

    31705030c280f617ad87087e0aa3079a661bcb74fa7d8f5d93dc3bae2239f1de5f7b2f48dd9f88051695a64673ee09a4d19a7705fe3d3942aa2d46668777bde2

  • SSDEEP

    49152:mvyI22SsaNYfdPBldt698dBcjHdoSgYWboGZ4rTHHB72eh2NT:mvf22SsaNYfdPBldt6+dBcjHdoSgY0

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.184:4782

Mutex

3b3d8c23-815f-460c-a0d4-67d49cd2682d

Attributes
  • encryption_key

    1758FB18D23634847927348E0CD6C3963ABFE0AB

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      ligma_menu.exe

    • Size

      3.1MB

    • MD5

      5d585eaddfaddd8dad1d752c0bbaa34a

    • SHA1

      f42906d58c5a404cdc349b7a98c087c1e500b21b

    • SHA256

      b37cf25cf1b1df68f13bba06d62439fde48b2b08156691baf36b1506a6242d0f

    • SHA512

      31705030c280f617ad87087e0aa3079a661bcb74fa7d8f5d93dc3bae2239f1de5f7b2f48dd9f88051695a64673ee09a4d19a7705fe3d3942aa2d46668777bde2

    • SSDEEP

      49152:mvyI22SsaNYfdPBldt698dBcjHdoSgYWboGZ4rTHHB72eh2NT:mvf22SsaNYfdPBldt6+dBcjHdoSgY0

    Score
    10/10
    quasaroffice04spywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks