Resubmissions

  • 18/05/2025, 20:46

    250518-zkeeescr8w (score 10)

  • 18/05/2025, 20:36

    250518-zdy59acq2z (score 10)

General

  • Target

    SolaraExecutor.exe

  • Size

    1.5MB

  • Sample

    250518-zkeeescr8w

  • MD5

    ef613eb8a8624ddeb3aec0f37eab6f4e

  • SHA1

    8b333a64ce1655c42a8e39ee178c5966cc6ee502

  • SHA256

    1aef924860dc48e0ce4129fffa1b8bb2967323875ba169b87bcef95093f080b8

  • SHA512

    88815fe5c5d2633d46a0e295dfb5d8b904783fea67e40cf8dfa1b4330d0cb16002f39cdb825346a33b41a9570a7c06c558fe29df21839b05366d8dbdd05c8106

  • SSDEEP

    24576:ipL3MU15qwS2eWBRwRR16zhHIPbcNK0KKm77yviUSQaZaOwI55l2S62r9ls2gSbD:ipX15v7wR2EgKKm77LrwCB6Ae

Malware Config

Extracted

Family

quasar

Version

1.6.0

Botnet

Necrum

C2

specific-ibm.gl.at.ply.gg:35299

Mutex

cd704468-93ff-41a0-92f4-2645a69a5cfc

Attributes
  • encryption_key

    AB0689621AFC4D653B4FB13A99B3761B0E9CE72C

  • install_name

    SolaraExecutor.exe

  • key_salt

    5a23f8394640cb9e40658446a04c0bbae82dc93d0470e1b2a406a90fd2520382

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    SolaraExecutor

  • subdirectory

    SubDir
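
The values above are enough to hunt for this particular build on endpoints and in network logs. The script below is an added example, not part of the sandbox report or of Quasar itself: it takes the extracted C2 host and port, mutex, startup key, subdirectory, install name and SHA256 and runs them over a handful of constructed, Sysmon-like telemetry lines. The Key=value layout and the field names are an assumption about the log source, not something the report specifies. The weaker tunnel_service_egress rule, which flags any destination under ply.gg (the domain used by the playit.gg tunnelling service that the C2 hostname belongs to), is a heuristic of my own and should be reviewed rather than acted on automatically.

```python
"""Hunt for the Quasar build described in the report over constructed telemetry."""
from __future__ import annotations

import re
from typing import Iterable

# Indicators lifted from the Malware Config and General sections of the report.
IOC = {
    "c2_host": "specific-ibm.gl.at.ply.gg",
    "c2_port": "35299",
    "tunnel_suffix": ".ply.gg",  # playit.gg tunnel domain; my heuristic, not from the report
    "mutex": "cd704468-93ff-41a0-92f4-2645a69a5cfc",
    "startup_key": "SolaraExecutor",
    "install_tail": "\\SubDir\\SolaraExecutor.exe",  # subdirectory + install_name
    "sha256": "1aef924860dc48e0ce4129fffa1b8bb2967323875ba169b87bcef95093f080b8",
}

# Constructed telemetry lines (assumed Key=value layout with Sysmon-like field
# names). The first six should each trip exactly one rule; the last two are
# benign noise and must stay clean.
SAMPLE_EVENTS = [
    r'EventID=3 Image=C:\Users\bob\AppData\Roaming\SubDir\SolaraExecutor.exe DestinationHostname=specific-ibm.gl.at.ply.gg DestinationPort=35299',
    r'EventID=13 TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\SolaraExecutor Details="C:\Users\bob\AppData\Roaming\SubDir\SolaraExecutor.exe"',
    r'EventID=11 Image=C:\Users\bob\Downloads\SolaraExecutor.exe TargetFilename=C:\Users\bob\AppData\Roaming\SubDir\SolaraExecutor.exe',
    r'EventID=1 Image=C:\Users\bob\Downloads\SolaraExecutor.exe Hashes=SHA256=1AEF924860DC48E0CE4129FFFA1B8BB2967323875BA169B87BCEF95093F080B8',
    r'Source=handles Type=Mutant Name=\Sessions\1\BaseNamedObjects\cd704468-93ff-41a0-92f4-2645a69a5cfc',
    r'EventID=3 Image=C:\Games\launcher.exe DestinationHostname=other-name.gl.at.ply.gg DestinationPort=27015',
    r'EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationHostname=example.com DestinationPort=443',
    r'EventID=13 TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive Details="C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"',
]

# Key=value pairs; a value is either a double-quoted string or a run of non-spaces.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict[str, str]:
    """Parse one 'Key=value Key2="quoted value"' line into a dict."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def match_rules(ev: dict[str, str]) -> list[str]:
    """Return the names of every indicator rule the parsed event trips."""
    hits: list[str] = []

    # Network: exact C2 host and port first, then the weaker tunnel-domain heuristic.
    host = ev.get("DestinationHostname", "").lower()
    if host == IOC["c2_host"] and ev.get("DestinationPort") == IOC["c2_port"]:
        hits.append("quasar_c2_connection")
    elif host.endswith(IOC["tunnel_suffix"]):
        hits.append("tunnel_service_egress")

    # Persistence: a Run value named after startup_key (HKCU or HKU\<SID> alike).
    if ev.get("TargetObject", "").lower().endswith("\\run\\" + IOC["startup_key"].lower()):
        hits.append("quasar_run_key_persistence")

    # Install location: file written under <subdirectory>\<install_name>.
    if ev.get("TargetFilename", "").lower().endswith(IOC["install_tail"].lower()):
        hits.append("quasar_install_path")

    # Known sample hash, case-insensitive because tools differ in hex casing.
    if IOC["sha256"] in ev.get("Hashes", "").lower():
        hits.append("known_sample_sha256")

    # Mutex from a handle listing; the GUID is the tail of the object name.
    if ev.get("Name", "").lower().endswith(IOC["mutex"]):
        hits.append("quasar_mutex")

    return hits


def scan(lines: Iterable[str]) -> list[tuple[str, str]]:
    """Return (rule, raw_line) pairs for every line that trips a rule."""
    out: list[tuple[str, str]] = []
    for line in lines:
        for rule in match_rules(parse_event(line)):
            out.append((rule, line))
    return out


if __name__ == "__main__":
    for rule, line in scan(SAMPLE_EVENTS):
        print(f"{rule:28} {line[:90]}")
```

The exact-match rules (C2 host and port, Run value name, install path, hash, mutex) are high confidence and can page on their own; the tunnel-domain rule will also catch legitimate game servers and self-hosted services that use playit.gg, so keep it as a triage signal.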

Targets

    • Target

      SolaraExecutor.exe

    • Quasar RAT

      Quasar is an open-source remote access tool written in C#/.NET. Its builder compiles the operator's settings (C2 address, mutex, install location, startup key and the key material protecting those strings) into the client binary, which is what the Malware Config section above recovers.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

      The C2 endpoint specific-ibm.gl.at.ply.gg:35299 is a hostname under ply.gg, the domain used by the playit.gg tunnelling service, so the connection terminates at the tunnel provider and hides the operator's real address. Use the full hostname and port as the indicator rather than the resolved IP, and expect the operator to be able to stand up a new tunnel name at will.

MITRE ATT&CK Enterprise v16

Tasks