quasar | e3e9ec3c78971e8899852421651eafa00ab2cc04a2f11022bde16b4c6628a771 | Triage

Submit
Reports

Overview

overview

Static

static

8

QQWUO898519.xls

windows7_x64

QQWUO898519.xls

windows10_x64

Sharing

General

Target

QQWUO898519.xls
Size

39KB
Sample

201126-yz3eb76lzs
MD5

69544579d4a9498c3cd2b9c9aea28ef2
SHA1

a306c59cd211d8b7bd85e47106d35aba7958c803
SHA256

e3e9ec3c78971e8899852421651eafa00ab2cc04a2f11022bde16b4c6628a771
SHA512

9eea4efcaf9ac62c01d29adf37e618d16b4a9b8e53e70ca53d37cb7c7c5956e73f6e0043b2b416146124724f7fce64398e27d2f6feea4bbab7f5d311c21a001e

Score

10^/10

quasar macro spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

QQWUO898519.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

QQWUO898519.xls

Resource

win10v20201028

quasar spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://paste.ee/r/O1pw3

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

httPs://z.zz.ht/k5BuP.txt

ps1.dropper

httPs://paste.ee/r/LQdRk

Targets

- Target
  
  QQWUO898519.xls
- Size
  
  39KB
- MD5
  
  69544579d4a9498c3cd2b9c9aea28ef2
- SHA1
  
  a306c59cd211d8b7bd85e47106d35aba7958c803
- SHA256
  
  e3e9ec3c78971e8899852421651eafa00ab2cc04a2f11022bde16b4c6628a771
- SHA512
  
  9eea4efcaf9ac62c01d29adf37e618d16b4a9b8e53e70ca53d37cb7c7c5956e73f6e0043b2b416146124724f7fce64398e27d2f6feea4bbab7f5d311c21a001e
Score

10^/10

quasar spyware trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Blacklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

quasarspywaretrojan

© 2018-2024

Terms | Privacy