General

  • Target

    2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f.exe

  • Size

    3.1MB

  • Sample

    250120-gj64yavken

  • MD5

    fbea67e43074abf3a3524c5110e933d4

  • SHA1

    2fb7d4fd691be43f1420bc62556744264d43d391

  • SHA256

    2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f

  • SHA512

    e0e5ca07f0c78c000a9979d533febc9e64f9f4373d1499acad5a39349285fa56be10849372a4410b3dd97a30d1e46040845c568aa2f09a8b5a08419c2c02795b

  • SSDEEP

    49152:mvDI22SsaNYfdPBldt698dBcjHM/RJ6bbR3LoGdOTHHB72eh2NT4:mv822SsaNYfdPBldt6+dBcjHM/RJ6t4

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

SvchostMan

C2

121.89.184.234:4782

106.241.55.218:4782

Mutex

3094dfa3-6b09-4170-abb5-cd6f0b055018

Attributes
  • encryption_key

    A5C933A97D91C5A7CDBF6D4FF8D161BFBC686474

  • install_name

    svchost.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Svc Name

  • subdirectory

    drivers

Targets

    • Target

      2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f.exe

    • Size

      3.1MB

    • MD5

      fbea67e43074abf3a3524c5110e933d4

    • SHA1

      2fb7d4fd691be43f1420bc62556744264d43d391

    • SHA256

      2408d093d19cf05e38b6701c9ac6c61f63f1d2042e3ef5d4999b0106ff18570f

    • SHA512

      e0e5ca07f0c78c000a9979d533febc9e64f9f4373d1499acad5a39349285fa56be10849372a4410b3dd97a30d1e46040845c568aa2f09a8b5a08419c2c02795b

    • SSDEEP

      49152:mvDI22SsaNYfdPBldt698dBcjHM/RJ6bbR3LoGdOTHHB72eh2NT4:mv822SsaNYfdPBldt6+dBcjHM/RJ6t4

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks