General

  • Target

    RedEngine.exe

  • Size

    502KB

  • Sample

    250211-3x28ssvncx

  • MD5

    7178d81c9afdabb202f31315f7eed7e2

  • SHA1

    527a063588b3e4d3acc04cf211d9b0df33f5ade2

  • SHA256

    67e35ca53e1ee18113207c2edf4b165ae9158cfed151e08bac627327f9c60f21

  • SHA512

    80b770bd2d3541400386c4aa446da8840823864a62d73554dd62ea08d5e9596f2b737fa8046eb6fb892690d115eb928022cdb1d24f4f8d9cf2e449adfd0809a5

  • SSDEEP

    6144:9TEgdc0Y5XAGbgiIN2RSBTuYNzBlh/gKeFwQHocEhyb8F9ODx2cTR30:9TEgdfYVbg/uOiFwR12x2cd0

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

TRAINING

C2

185.241.208.185:16145

Mutex

22073971-8d9a-4364-9916-abbb09ac9d8b

Attributes
  • encryption_key

    7A9A8376440E3257DB2B54403642F366A5FBE14A

  • install_name

    Starter Module.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Starter Module

  • subdirectory

    Modules

Targets

    • Target

      RedEngine.exe

    • Size

      502KB

    • MD5

      7178d81c9afdabb202f31315f7eed7e2

    • SHA1

      527a063588b3e4d3acc04cf211d9b0df33f5ade2

    • SHA256

      67e35ca53e1ee18113207c2edf4b165ae9158cfed151e08bac627327f9c60f21

    • SHA512

      80b770bd2d3541400386c4aa446da8840823864a62d73554dd62ea08d5e9596f2b737fa8046eb6fb892690d115eb928022cdb1d24f4f8d9cf2e449adfd0809a5

    • SSDEEP

      6144:9TEgdc0Y5XAGbgiIN2RSBTuYNzBlh/gKeFwQHocEhyb8F9ODx2cTR30:9TEgdfYVbg/uOiFwR12x2cd0

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks