General
Target: C4B4BB7C2A9739A37014CB279B787727
Size: 384KB
Sample: 250204-krq98stkbp
MD5: c4b4bb7c2a9739a37014cb279b787727
SHA1: b71e4e0feffe8744208fc1f8460ffc7a4d98f37b
SHA256: 8a60c64250d871c3dad6f5501a9cf864f390101dafd5d67b580ded24eba72c49
SHA512: 86b8fd78a5fc9eebd4d25ff46f164ad4fa02783a7cdb769b75ac7e22eb806ed50d814ef72724caf36ea52770f8fc9d910761d20afb40f034a088ef78e4be867b
SSDEEP: 6144:O/4i4pawTfIOqwSdhTYJoqvGcHJxnDLkbpvSe+fLD/+1nE8qkEBGjbu60j9Kx5UC:O/4HaSjRspYJoqvGVlaPLuER+3u6f51
Static task: static1
Behavioral task: behavioral1
Sample: 6Pax trip details.xlsx.exe
Resource: win7-20240903-en
Malware Config
Extracted: quasar
1.3.0.0
ACS hope
crazydns.linkpc.net:26133
QSR_MUTEX_6iGAmxpR39hpOQEFqk
encryption_key: qiJ37BhO6EEtAoSo8ukb
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: 6Pax trip details.xlsx.exe
Size: 566KB
MD5: cb2d2a48d646ebb9c773171d92b5bc41
SHA1: 5e075d1420f4a631175ae31ef5261e4a87026c66
SHA256: 4f795fed198da9f27a68dd60cb478ef768764da2f9d141e94c5f2624c85d4b13
SHA512: fe7f0741d71ee678a1b71a9cd33afe42cbfcd5741209b5bf838e7ae17ba2e13f161ea7a55b4eb2f08c7f749409d4dda32a2e040a725e13c7ae5b5c8526a9fcb9
SSDEEP: 6144:csLsuwSdHTYloqvGyHJxnDrkbpvSU+fLN/+1n48qkEBmjbu60LROa+En4:XUszYloqvGdlaNLs4Ru3u60RO

Signatures
Quasar family
Quasar payload
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext