quasar | cf09bc45a7101670e26f9468d7425a42880ee539626b1653216c4ceb4a89b7fb | Triage

Submit
Reports

Overview

overview

Static

static

Timsistem_...17.exe

windows7_x64

Timsistem_...17.exe

windows10_x64

Sharing

General

Target

Timsistem_Product_Specifications - 2020.07.17.exe
Size

759KB
Sample

200717-habvcmhrpx
MD5

6998368a7e9f5e063f5b5a0090112545
SHA1

c7659c9e1b683d7044267b6960a30ca6473ca945
SHA256

cf09bc45a7101670e26f9468d7425a42880ee539626b1653216c4ceb4a89b7fb
SHA512

d5044c8d53cfa2483b9f923fd2eca3f9c50ff97712ac36a2d33792ef7fc5ee9cbf504128d9a280130668cadb49b132f6de278fdbbc58b18ee07b5ee0e3bc210e

Score

10^/10

quasar spyware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Timsistem_Product_Specifications - 2020.07.17.exe

Resource

win7

quasar spyware trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Timsistem_Product_Specifications - 2020.07.17.exe

Resource

win10

quasar spyware trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Timsistem_Product_Specifications - 2020.07.17.exe
- Size
  
  759KB
- MD5
  
  6998368a7e9f5e063f5b5a0090112545
- SHA1
  
  c7659c9e1b683d7044267b6960a30ca6473ca945
- SHA256
  
  cf09bc45a7101670e26f9468d7425a42880ee539626b1653216c4ceb4a89b7fb
- SHA512
  
  d5044c8d53cfa2483b9f923fd2eca3f9c50ff97712ac36a2d33792ef7fc5ee9cbf504128d9a280130668cadb49b132f6de278fdbbc58b18ee07b5ee0e3bc210e
Score

10^/10

quasar spyware trojan upx
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarspywaretrojanupx

behavioral2

quasarspywaretrojanupx

© 2018-2024

Terms | Privacy