General
-
Target
15a67fe07697ed47c8307e23665050ae7959575266053f3161019e96fb7fc909N.exe
-
Size
786KB
-
Sample
250120-pkxwnaypdl
-
MD5
9c4894438cde81f24f332662f3c2aae0
-
SHA1
0f4da3fd7ff45e65a13cfbc4268be143f9e9d7dd
-
SHA256
15a67fe07697ed47c8307e23665050ae7959575266053f3161019e96fb7fc909
-
SHA512
9448231e8619904ce115fd8b66488eef462f010dced19fc4ef2f327474b9019cac779e28b4fda2dda4cf8f0be4295b53014911831213a25eb925c9a555c1a30e
-
SSDEEP
12288:SBMYGfKGK1IisTAkFTw7Z5LnZfHKVN88r0o5+593ZBIop2Eg6oXHQSSjl1HU:SxI1MnZfHKw8Be3ZGx36oXw9l10
Malware Config
Extracted
quasar
1.4.0
Office04
judicial.con-ip.com:53890
cfa7b428-b778-4bda-8f78-8027f433ab1e
-
encryption_key
BCB3D7E61EBFADA295CE4E370B5FC34D54533AA8
-
install_name
fdxfdx.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
fdxnvidia
-
subdirectory
SubDir
Targets
-
-
Target
15a67fe07697ed47c8307e23665050ae7959575266053f3161019e96fb7fc909N.exe
-
Size
786KB
-
MD5
9c4894438cde81f24f332662f3c2aae0
-
SHA1
0f4da3fd7ff45e65a13cfbc4268be143f9e9d7dd
-
SHA256
15a67fe07697ed47c8307e23665050ae7959575266053f3161019e96fb7fc909
-
SHA512
9448231e8619904ce115fd8b66488eef462f010dced19fc4ef2f327474b9019cac779e28b4fda2dda4cf8f0be4295b53014911831213a25eb925c9a555c1a30e
-
SSDEEP
12288:SBMYGfKGK1IisTAkFTw7Z5LnZfHKVN88r0o5+593ZBIop2Eg6oXHQSSjl1HU:SxI1MnZfHKw8Be3ZGx36oXw9l10
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Suspicious use of SetThreadContext
-