quasar | b3d9c42ce3abed0eea37473f512e3a573a2f7e29f3eaa203dcc1572d733ff898 | Triage

Sharing

General

Target

svchost.exe
Size

267KB
Sample

210418-p81eyb5hv2
MD5

275d9f11168d6b0a8369dc5a9ff0f7ea
SHA1

ab18df17e0e0b234730cf1c9119268f49923c8bb
SHA256

b3d9c42ce3abed0eea37473f512e3a573a2f7e29f3eaa203dcc1572d733ff898
SHA512

6fb49e6e56f5387ca510fd93ff7336a218452917129a8e1602975a08556980004b2b13a57eee039eff5f77103ee2350adb366988ed414021e7bc3f9935c3a297

Score

10^/10

quasar persistence spyware trojan

Malware Config

Targets

- Target
  
  svchost.exe
- Size
  
  267KB
- MD5
  
  275d9f11168d6b0a8369dc5a9ff0f7ea
- SHA1
  
  ab18df17e0e0b234730cf1c9119268f49923c8bb
- SHA256
  
  b3d9c42ce3abed0eea37473f512e3a573a2f7e29f3eaa203dcc1572d733ff898
- SHA512
  
  6fb49e6e56f5387ca510fd93ff7336a218452917129a8e1602975a08556980004b2b13a57eee039eff5f77103ee2350adb366988ed414021e7bc3f9935c3a297
Score

10^/10

quasar persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarpersistencespywaretrojan

behavioral2

quasarpersistencespywaretrojan