General
-
Target
https://mega.nz/file/v7gVRSha#ENWFaV-pBpHZ9CFxRIZW_b_ZOnBeqtt5Ei-Ggrnu1VY
-
Sample
250327-v739vaxpy6
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Skibidi
C2
lorafic327-24080.portmap.host:24080
Mutex
45487e82-4421-421c-a3d8-fbbc90260d6c
Attributes
-
encryption_key
77F7FE7B7319F6A0DA07605DC19721F061A3F4DA
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Windows AV
-
subdirectory
SubDir
Targets
-
-
Target
https://mega.nz/file/v7gVRSha#ENWFaV-pBpHZ9CFxRIZW_b_ZOnBeqtt5Ei-Ggrnu1VY
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-