quasar | f32dd96babd3723f5a6bc5a917f72c7a349887b6605e74502916d49a5c9a3651 | Triage

Sharing

General

Target

f32dd96babd3723f5a6bc5a917f72c7a349887b6605e74502916d49a5c9a3651
Size

288KB
Sample

210228-pjz1j4x8lx
MD5

76cd1b88c6733077ad4a083e4f0062d8
SHA1

41a3f7ef0cf5383a52770a2774ab1853e11e32de
SHA256

f32dd96babd3723f5a6bc5a917f72c7a349887b6605e74502916d49a5c9a3651
SHA512

e93725c13f8bedf227e690ff70e06b0a522671e74225448dac8363bdf1a90c564430892a9870c869e222401ec98b336cc45d029812997dfc4fbae1f67a2a18a8

Score

10^/10

quasar spyware trojan

Malware Config

Targets

- Target
  
  f32dd96babd3723f5a6bc5a917f72c7a349887b6605e74502916d49a5c9a3651
- Size
  
  288KB
- MD5
  
  76cd1b88c6733077ad4a083e4f0062d8
- SHA1
  
  41a3f7ef0cf5383a52770a2774ab1853e11e32de
- SHA256
  
  f32dd96babd3723f5a6bc5a917f72c7a349887b6605e74502916d49a5c9a3651
- SHA512
  
  e93725c13f8bedf227e690ff70e06b0a522671e74225448dac8363bdf1a90c564430892a9870c869e222401ec98b336cc45d029812997dfc4fbae1f67a2a18a8
Score

10^/10

quasar spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarspywaretrojan

behavioral2

quasarspywaretrojan