General
-
Target
MultiTool Setup.exe
-
Size
2.7MB
-
Sample
250328-xvbeea1r15
-
MD5
c69d327438fde6e17346aa6aca31d925
-
SHA1
8d029d5248d5c8213e08685b575d8e62bb1905cb
-
SHA256
2beda275889a22bc7802f19347d682097aec3f7a3005f5c7fe263a3e625b3d8d
-
SHA512
8e95612190b68f81726d5eb4686414c17be6de337aa0029db20e7ac322f57239aff0304f9e9ccd7059b1c1e7bf1bceb50cea598e1a7241a8d2e0afab6385d1ef
-
SSDEEP
49152:BxXXm66OsQGuZjpAJ2EB45hN1nd3fmMDU8Sb0uRhEoy:BxHXsQG2jqq5hNSMYTRWoy
Malware Config
Targets
-
-
Target
MultiTool Setup.exe
-
Size
2.7MB
-
MD5
c69d327438fde6e17346aa6aca31d925
-
SHA1
8d029d5248d5c8213e08685b575d8e62bb1905cb
-
SHA256
2beda275889a22bc7802f19347d682097aec3f7a3005f5c7fe263a3e625b3d8d
-
SHA512
8e95612190b68f81726d5eb4686414c17be6de337aa0029db20e7ac322f57239aff0304f9e9ccd7059b1c1e7bf1bceb50cea598e1a7241a8d2e0afab6385d1ef
-
SSDEEP
49152:BxXXm66OsQGuZjpAJ2EB45hN1nd3fmMDU8Sb0uRhEoy:BxHXsQG2jqq5hNSMYTRWoy
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Discovery
Peripheral Device Discovery
1Query Registry
3Remote System Discovery
1System Information Discovery
2System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
2Internet Connection Discovery
1Wi-Fi Discovery
1