quasar | 78a881cbc86ce0458d8db0eae0c92a8e016537796ef3ab7928037f4a51d4ca2f | Triage

Submit
Reports

Overview

overview

Static

static

smokeweed.vbs

windows7_x64

smokeweed.vbs

windows10_x64

Sharing

General

Target

smokeweed.vbs
Size

3KB
Sample

210226-6kehkyxxrj
MD5

07b8be238ea7e4d28ab60dd6c485f663
SHA1

73c2226a8592f0a729a837013d40e5b55ecb4415
SHA256

78a881cbc86ce0458d8db0eae0c92a8e016537796ef3ab7928037f4a51d4ca2f
SHA512

9d1bcf4a17c4b7986e2fec74f0d4ba020ea2e4933ff9cad19a639d87f0998a32439a227bcd55bf37d08886276a11ede28f06a60af12b6a368b5cdbd2544cf7a0

Score

10^/10

quasar spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

smokeweed.vbs

Resource

win7v20201028

quasar spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

smokeweed.vbs

Resource

win10v20201028

quasar spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  smokeweed.vbs
- Size
  
  3KB
- MD5
  
  07b8be238ea7e4d28ab60dd6c485f663
- SHA1
  
  73c2226a8592f0a729a837013d40e5b55ecb4415
- SHA256
  
  78a881cbc86ce0458d8db0eae0c92a8e016537796ef3ab7928037f4a51d4ca2f
- SHA512
  
  9d1bcf4a17c4b7986e2fec74f0d4ba020ea2e4933ff9cad19a639d87f0998a32439a227bcd55bf37d08886276a11ede28f06a60af12b6a368b5cdbd2544cf7a0
Score

10^/10

quasar spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarspywaretrojan

behavioral2

quasarspywaretrojan

© 2018-2024

Terms | Privacy