General
Target: 1e68461dbed6cc77c53808defed0071b243a9fbae1bf36576a124d843ebfe0eb
Size: 348KB
Sample: 250126-mn6xmayqht
MD5: d92b40747b5d7d55af91583f44f23fd9
SHA1: 2e8ff2af588150d868d3c9bd735a5f1d4b966e27
SHA256: 1e68461dbed6cc77c53808defed0071b243a9fbae1bf36576a124d843ebfe0eb
SHA512: c357f9ad39f71d68a37edc346cfdb7f957bd65e2b53bc31e2cae1cc12e0ad9ad245ca4d959bd4b2a9be4d8a7df019de6d4332f88d60552692811c4cf8fc2a9d0
SSDEEP: 6144:LzNHXf500MB0fNKIHb7JdilYKYKKtlNFBOwEY+:vd50eKI5YuTlNFByY+
Behavioral task
behavioral1
Sample: 1e68461dbed6cc77c53808defed0071b243a9fbae1bf36576a124d843ebfe0eb.exe
Resource: win7-20241010-en
Malware Config
Extracted
quasar
1.3.0.0
sigorta
217.195.197.170:1604
QSR_MUTEX_9WjAcLINYji1uqfzRt
encryption_key: B2vTTMiPGqHXv2xzSGYH
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 1e68461dbed6cc77c53808defed0071b243a9fbae1bf36576a124d843ebfe0eb
Quasar family
Quasar payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.