Overview

overview

10

Static

static

10

Neo.exe

windows10-1703-x64

10

Neo.exe

windows10-2004-x64

10

Neo.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Neo.exe

  • Size

    348KB

  • Sample

    240628-3za74awalg

  • MD5

    1e7a43037ad795c85258f3543636cae6

  • SHA1

    634d8def0e80e4791698d7e94b20dd8c5aba063c

  • SHA256

    cdd44caceb600c73a01b95c572142a59a35a23b1fb8e8e70cf920140366d3d09

  • SHA512

    443dc2ea997bc3dc51371313161ab9990ac3a1eed30cd2f414e08c9fdbc32c36a2b97813759b67394b3de8f19649256d8a1e1d87636efee065f8fc5487a71853

  • SSDEEP

    6144:ILL3HRsM+OFZcAHCJbFnrMr1TuT8igmMu:OVP+Myry1TuT8igmMu

Score
10/10
quasarslavespywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.1.0

Botnet

Slave

C2

runderscore00-42512.portmap.io:42512

Mutex

QSR_MUTEX_aYgVTolyJfnSo2kPQj

Attributes
  • encryption_key

    PK7SpR1WESSqHBwmTfVi

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Neo.exe

    • Size

      348KB

    • MD5

      1e7a43037ad795c85258f3543636cae6

    • SHA1

      634d8def0e80e4791698d7e94b20dd8c5aba063c

    • SHA256

      cdd44caceb600c73a01b95c572142a59a35a23b1fb8e8e70cf920140366d3d09

    • SHA512

      443dc2ea997bc3dc51371313161ab9990ac3a1eed30cd2f414e08c9fdbc32c36a2b97813759b67394b3de8f19649256d8a1e1d87636efee065f8fc5487a71853

    • SSDEEP

      6144:ILL3HRsM+OFZcAHCJbFnrMr1TuT8igmMu:OVP+Myry1TuT8igmMu

    Score
    10/10
    quasarslavespywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks