General

  • Target

    4d605dfef9dffc8254ed829e18df620b90ed96612ff60c5ba2b2f5f1bc4b4dd9

  • Size

    2.7MB

  • Sample

    250511-gcjp3afp8z

  • MD5

    147b5b005e1215127e6274de00f62754

  • SHA1

    9a7552647cc422dc4baec6dc02fad25c95bdd494

  • SHA256

    4d605dfef9dffc8254ed829e18df620b90ed96612ff60c5ba2b2f5f1bc4b4dd9

  • SHA512

    65871b077217b526c3928351c3092bfad8f1cb77c6e7588d142142b09d56c21298c4da3ab71e93fe50c636f2f996ec590af7f7d3fd7c8e996a0e34eef51ca1cf

  • SSDEEP

    49152:0WioCfiM9O6vfAKjAe0rVitKr9tCpzPyRltEwzi1lEninu:7YiB6HA/itKr9tQPyRltEOx+u

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

xvhualu

C2

xinxin.cam:80

xinxin.cam:443

irc.xinxin.cam:41201

Mutex

b261bc56-3b8c-4417-836a-3b09a9f39991

Attributes
  • encryption_key

    9B5DF7CCA397B5567CDA84558E5A5D3C0478130C

  • install_name

    tools.exe

  • key_salt

    bfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941

  • log_directory

    Logs

  • reconnect_delay

    500

  • startup_key

    欣欣哥花雨庭无敌辅助 (Chinese; roughly "Xinxin-ge's Huayuting invincible hack", which reads as a game-cheat lure; the registry value must be matched on this exact string)

  • subdirectory

    xinxin
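
The encryption_key and key_salt above are the two inputs to the client's settings decryption. In the 1.4 branch of Quasar's open-source code (Quasar.Common/Cryptography/Aes256.cs) the build's encryption key is the PBKDF2 password, the salt is a constant compiled into the project (the key_salt shown here is that constant, byte for byte, so nothing about it is unique to this build), 50,000 iterations of HMAC-SHA1 yield a 32-byte AES-256 key followed by a 64-byte HMAC-SHA256 key, and every protected setting (hosts, version, tag, server certificate, ...) is stored Base64-encoded as HMAC || IV || AES-CBC ciphertext. The program below is a worked example added to this report; it is neither sandbox output nor Quasar's own code. It reproduces that scheme in Go against the report's values so an analyst can decrypt strings recovered from the client's Settings class or confirm that another sample shares this build key. PBKDF2 is written out by hand to stay on the standard library, and the roundtrip plaintext is a constructed string in Quasar's "host:port;" HOSTS format built from the report's C2 list.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// encryption_key and key_salt exactly as this report extracted them, plus the
// Aes256.cs parameters: Rfc2898DeriveBytes(key, salt, 50000); GetBytes(32) is the
// AES-256 key, GetBytes(64) the HMAC key; a blob is HMAC(32) || IV(16) || CBC ciphertext.
const (
	EncryptionKey                     = "9B5DF7CCA397B5567CDA84558E5A5D3C0478130C"
	KeySaltHex                        = "bfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941"
	pbkdf2Iterations                  = 50000
	keyLen, authKeyLen, tagLen, ivLen = 32, 64, 32, 16
)

// pbkdf2HMACSHA1 is RFC 8018 PBKDF2 over HMAC-SHA1 (the Rfc2898DeriveBytes default), hand-written so the example needs only the standard library.
func pbkdf2HMACSHA1(password, salt []byte, iter, dkLen int) []byte {
	out := make([]byte, 0, dkLen)
	for i := uint32(1); len(out) < dkLen; i++ {
		mac := hmac.New(sha1.New, password)
		mac.Write(salt)
		mac.Write(binary.BigEndian.AppendUint32(nil, i)) // INT(i), big-endian
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for n := 1; n < iter; n++ {
			mac.Reset() // back to the keyed state
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// QuasarCrypto holds the two keys a Quasar client derives from its build's encryption key.
type QuasarCrypto struct{ block cipher.Block; authKey []byte }

func NewQuasarCrypto(masterKey string, salt []byte) *QuasarCrypto {
	dk := pbkdf2HMACSHA1([]byte(masterKey), salt, pbkdf2Iterations, keyLen+authKeyLen)
	block, _ := aes.NewCipher(dk[:keyLen]) // 32-byte key: NewCipher cannot fail here
	return &QuasarCrypto{block: block, authKey: dk[keyLen:]}
}

// Decrypt verifies the HMAC-SHA256 tag over IV||ciphertext (constant-time) before any AES work, then runs AES-256-CBC and strips PKCS#7 padding.
func (q *QuasarCrypto) Decrypt(blob []byte) ([]byte, error) {
	if len(blob) < tagLen+ivLen+aes.BlockSize || (len(blob)-tagLen-ivLen)%aes.BlockSize != 0 {
		return nil, errors.New("blob too short or ciphertext not block-aligned")
	}
	mac := hmac.New(sha256.New, q.authKey)
	mac.Write(blob[tagLen:])
	if !hmac.Equal(mac.Sum(nil), blob[:tagLen]) {
		return nil, errors.New("invalid message authentication code (MAC)")
	}
	pt := make([]byte, len(blob)-tagLen-ivLen)
	cipher.NewCBCDecrypter(q.block, blob[tagLen:tagLen+ivLen]).CryptBlocks(pt, blob[tagLen+ivLen:])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad PKCS#7 padding")
	}
	return pt[:len(pt)-pad], nil
}

// Encrypt produces the same layout (fresh random IV, PKCS#7, tag over IV||ct); it exists only to build a self-contained test vector.
func (q *QuasarCrypto) Encrypt(pt []byte) ([]byte, error) {
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte(nil), pt...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	blob := make([]byte, tagLen+ivLen+len(padded))
	if _, err := rand.Read(blob[tagLen : tagLen+ivLen]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(q.block, blob[tagLen:tagLen+ivLen]).CryptBlocks(blob[tagLen+ivLen:], padded)
	mac := hmac.New(sha256.New, q.authKey)
	mac.Write(blob[tagLen:])
	copy(blob, mac.Sum(nil))
	return blob, nil
}

func main() {
	salt, _ := hex.DecodeString(KeySaltHex)
	q := NewQuasarCrypto(EncryptionKey, salt)
	// Constructed plaintext in Quasar's "host:port;" HOSTS format, built from the report's C2 list.
	blob, _ := q.Encrypt([]byte("xinxin.cam:80;xinxin.cam:443;irc.xinxin.cam:41201;"))
	pt, err := q.Decrypt(blob)
	fmt.Printf("roundtrip: %q (err=%v)\n", pt, err)
}
```

To decrypt a real setting, Base64-decode the string lifted from the client's Settings class and pass the bytes to Decrypt. Because the tag is checked before decryption, a wrong key, a truncated blob or a flipped byte fails closed with an explicit error instead of producing garbage; and because the salt is the project's default, the confidentiality of a build's settings rests entirely on its encryption_key.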

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      762807d2c14cdd8beb5a21accd040151

    • SHA1

      fc746ce75fc0aaa5f8541efb2c58b8c2f113eaba

    • SHA256

      35efbb18b71fa27bb6c757864f73ea5991a5be0752736c7a94eb68c96dfc47ec

    • SHA512

      cc2ff46f57044e3360c9aa8c0c2036a3443b09cbd00994b9f6c9d0ae1bbbba1cdaa6a1770a1975e407facb5be3eca9152b8e192a5ae4bea46efc1ba59b9a491b

    • SSDEEP

      49152:rv+G42pda6D+/PjlLOlg6yQipVf+mV1J5GoGdMEYTHHB72eh2NT:rvZ42pda6D+/PjlLOlZyQipVf+mS

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Target

      Client-built_.exe

    • Size

      3.1MB

    • MD5

      7dc4f4d76552290f5a7e5f90c9c7f0bd

    • SHA1

      56ac39bb30ede123ef1139ce52c3d8919f42250e

    • SHA256

      dd33ec15131042f0bdf71a4cf07d5b10f6f21d8938ede11a51876776fd630290

    • SHA512

      55d86353afc8df689a99537f757bb1193a3b09511c4f3c6003094ebb2678e15a2228aaecc9e5fce3cca817180f7d19a8f857a39e415bc6cd334f069ac7a1ff70

    • SSDEEP

      49152:Tv+G42pda6D+/PjlLOlg6yQipVp2VRJ61bR3LoGdftTHHB72eh2NT:TvZ42pda6D+/PjlLOlZyQipVsVRJ6Hv

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Target

      Client-built__.exe

    • Size

      3.1MB

    • MD5

      359ec2555b3c74246b57fbb771803a28

    • SHA1

      3ff483573329cb92e374653bc7141bcda17195b7

    • SHA256

      fcdbeb83ae19b3dbc8c4c36448fff4545ef731716e65a2ac24f173630fdaa3aa

    • SHA512

      943af600d8ee65c1da495129801675fa6aae365895bab8064baa93511d43075936f9860884d44ee7c08a940dd60e104328b219867b5f17ae085b7800f6442a2c

    • SSDEEP

      49152:Wv+G42pda6D+/PjlLOlg6yQipVkxHEakrk/LoLoGd9THHB72eh2NT:WvZ42pda6D+/PjlLOlZyQipVkxJk

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE
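
Turning the config into something a responder can sweep for, as an added example written for this page (not sandbox output and not Quasar code). In Quasar's 1.4 client the install path is <special folder>\<subdirectory>\<install_name>, so here ...\xinxin\tools.exe under whatever folder the builder chose (the report does not say which, hence the suffix match); startup_key is the name of the HKCU Run value for a non-elevated install or of the schtasks ONLOGON task the client creates when elevated; the mutex is created under the GUID string verbatim; and the C2 list means any name under xinxin.cam on ports 80, 443 or 41201, with the payload SHA256s from the Targets section as a third signal. The event schema, field names, hostnames WS01 to WS03 and the events themselves are constructed for the example, including a look-alike domain that must not match.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Raw values are this report's. Their placement follows Quasar's 1.4 client code:
// install path <special folder>\<subdirectory>\<install_name>, startup_key as the
// HKCU Run value name (or schtasks task name when elevated), the mutex verbatim.
var (
	C2Domain      = "xinxin.cam" // irc.xinxin.cam and any other subdomain count
	C2Ports       = map[int]bool{80: true, 443: true, 41201: true}
	MutexName     = "b261bc56-3b8c-4417-836a-3b09a9f39991"
	StartupKey    = "欣欣哥花雨庭无敌辅助"
	InstallSuffix = `\xinxin\tools.exe`
	PayloadSHA256 = map[string]bool{
		"35efbb18b71fa27bb6c757864f73ea5991a5be0752736c7a94eb68c96dfc47ec": true,
		"dd33ec15131042f0bdf71a4cf07d5b10f6f21d8938ede11a51876776fd630290": true,
		"fcdbeb83ae19b3dbc8c4c36448fff4545ef731716e65a2ac24f173630fdaa3aa": true,
	}
)

// Event is a minimal normalised telemetry record (Sysmon/EDR/Zeek style, invented for this example).
type Event struct{ Kind string; Fields map[string]string }

// domainMatches accepts the domain and its subdomains on a label boundary:
// "IRC.xinxin.cam." matches, "notxinxin.cam" and "xinxin.cam.example" do not.
func domainMatches(name, domain string) bool {
	name = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
	return name == domain || strings.HasSuffix(name, "."+domain)
}

// Match returns the indicator names one event triggers; nil means no hit.
func Match(e Event) []string {
	var hits []string
	f := e.Fields
	switch e.Kind {
	case "dns":
		if domainMatches(f["query"], C2Domain) {
			hits = append(hits, "c2-domain")
		}
	case "conn":
		port, _ := strconv.Atoi(f["dst_port"])
		if domainMatches(f["dst_host"], C2Domain) && C2Ports[port] {
			hits = append(hits, "c2-conn")
		}
	case "registry":
		if strings.Contains(strings.ToLower(f["key"]), `\currentversion\run`) && f["value_name"] == StartupKey {
			hits = append(hits, "run-key")
		}
		if strings.HasSuffix(strings.ToLower(f["data"]), InstallSuffix) {
			hits = append(hits, "install-path")
		}
	case "task":
		if f["name"] == StartupKey {
			hits = append(hits, "schtask")
		}
	case "mutex":
		if strings.EqualFold(f["name"], MutexName) {
			hits = append(hits, "mutex")
		}
	case "file":
		if PayloadSHA256[strings.ToLower(f["sha256"])] {
			hits = append(hits, "known-payload")
		}
		if strings.HasSuffix(strings.ToLower(f["path"]), InstallSuffix) {
			hits = append(hits, "install-path")
		}
	}
	return hits
}

// SampleEvents are constructed for this example; they are not sandbox output.
var SampleEvents = []Event{
	{"dns", map[string]string{"host": "WS01", "query": "irc.xinxin.cam."}},
	{"conn", map[string]string{"host": "WS01", "dst_host": "xinxin.cam", "dst_port": "443"}},
	{"conn", map[string]string{"host": "WS02", "dst_host": "xinxin.cam.example", "dst_port": "443"}},
	{"registry", map[string]string{"host": "WS01", "key": `HKCU\Software\Microsoft\Windows\CurrentVersion\Run`,
		"value_name": StartupKey, "data": `C:\Users\a\AppData\Roaming\xinxin\tools.exe`}},
	{"mutex", map[string]string{"host": "WS01", "name": strings.ToUpper(MutexName)}},
	{"file", map[string]string{"host": "WS03", "path": `C:\Windows\System32\notepad.exe`, "sha256": strings.Repeat("0", 64)}},
}

func main() {
	for i, e := range SampleEvents {
		fmt.Printf("event %d (%s on %s): %v\n", i, e.Kind, e.Fields["host"], Match(e))
	}
}
```

Ports 80 and 443 are only flagged together with the domain, since on their own they are noise; 41201 alone is a weak signal too, so the same rule applies. Hash matching catches only these three builds, while the Run value name, install path and mutex survive a rebuild that keeps the same config, which is what makes them the more durable hunt terms.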

MITRE ATT&CK Enterprise v16

Tasks