General
-
Target
https://mega.nz/file/ayImiZAL#IFqrGt99TZI_AFzkaKU5jHoS3_sSYUdZVZCVgKSSRyI
-
Sample
250327-weyz4awscy
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Skibidi
C2
lorafic327-24080.portmap.host:24080
Mutex
257eb389-87df-4594-bc6b-873caf11bd53
Attributes
-
encryption_key
77F7FE7B7319F6A0DA07605DC19721F061A3F4DA
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Windows AV
-
subdirectory
SubDir
Targets
-
-
Target
https://mega.nz/file/ayImiZAL#IFqrGt99TZI_AFzkaKU5jHoS3_sSYUdZVZCVgKSSRyI
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1