General
-
Target
discordupdate.exe
-
Size
3.1MB
-
Sample
250122-gnlc2aslbk
-
MD5
25befffc195ce47401f74afbe942f3ff
-
SHA1
287aacd0350f05308e08c6b4b8b88baf56f56160
-
SHA256
b67121c19394013d4e3fec0fcb138471e5ee51ebfafb296cc597afc0d256799f
-
SHA512
a28796538d64edaf7d4ba4d19e705211c779230a58b462793dab86ed5f51408feab998cf78ffe808819b4dc27cbaa981cd107887e0d5c7b0fb0f2bbca630973e
-
SSDEEP
49152:rv+I22SsaNYfdPBldt698dBcjH0gR04RoGdNdTHHB72eh2NT:rvz22SsaNYfdPBldt6+dBcjH0gR0k
Malware Config
Extracted
quasar
1.4.1
bot
wexos47815-61484.portmap.host:61484
06e2bb33-968c-4ca7-97dc-f23fbd5c3092
-
encryption_key
8924CB3C9515DA437A37F5AE598376261E5528FC
-
install_name
msinfo32.exe
-
log_directory
Update
-
reconnect_delay
3000
-
startup_key
Discordupdate
-
subdirectory
dll32
Targets
-
-
Target
discordupdate.exe
-
Size
3.1MB
-
MD5
25befffc195ce47401f74afbe942f3ff
-
SHA1
287aacd0350f05308e08c6b4b8b88baf56f56160
-
SHA256
b67121c19394013d4e3fec0fcb138471e5ee51ebfafb296cc597afc0d256799f
-
SHA512
a28796538d64edaf7d4ba4d19e705211c779230a58b462793dab86ed5f51408feab998cf78ffe808819b4dc27cbaa981cd107887e0d5c7b0fb0f2bbca630973e
-
SSDEEP
49152:rv+I22SsaNYfdPBldt698dBcjH0gR04RoGdNdTHHB72eh2NT:rvz22SsaNYfdPBldt6+dBcjH0gR0k
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-