General

  • Target

    0a7ebca0af380827e362df072c5fc9ca41e8597f99cff0eed63407fca1b3fb63

  • Size

    3.9MB

  • Sample

    250703-f8k3bsvlx7

  • MD5

    46938612537bea58905cbe2873d3d600

  • SHA1

    8a86adafd365f94e44df96a9cf2a8cff9da65e42

  • SHA256

    0a7ebca0af380827e362df072c5fc9ca41e8597f99cff0eed63407fca1b3fb63

  • SHA512

    d95e539c23e089c51ac49f9ba7c38448c9b4169cff7522a4d60203980b7710316b83f102444d6414a1aa0bee09c61d68c797b5e6036936a3f8ad302f72b78d61

  • SSDEEP

    98304:0a2wvr22SsaNYfdPBldt6+dBcjHtKRJ6Bqg:kOM7jGIq

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    mx5.deitie.asia:4495

  • Mutex

    ebbf737a-dddd-43dd-9b0a-74831302455d

Attributes

  • encryption_key

    F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1

  • install_name

    Client.exe

  • key_salt

    bfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      0a7ebca0af380827e362df072c5fc9ca41e8597f99cff0eed63407fca1b3fb63

    • Size

      3.9MB

    • MD5

      46938612537bea58905cbe2873d3d600

    • SHA1

      8a86adafd365f94e44df96a9cf2a8cff9da65e42

    • SHA256

      0a7ebca0af380827e362df072c5fc9ca41e8597f99cff0eed63407fca1b3fb63

    • SHA512

      d95e539c23e089c51ac49f9ba7c38448c9b4169cff7522a4d60203980b7710316b83f102444d6414a1aa0bee09c61d68c797b5e6036936a3f8ad302f72b78d61

    • SSDEEP

      98304:0a2wvr22SsaNYfdPBldt6+dBcjHtKRJ6Bqg:kOM7jGIq

    • Quasar RAT

      Quasar is an open-source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Drops startup file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v16

Tasks