quasar | a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1 | Triage

Submit
Reports

Overview

overview

Static

static

a0824896a6...c1.exe

windows7_x64

a0824896a6...c1.exe

windows10_x64

Sharing

General

Target

a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1
Size

1.0MB
Sample

210922-qk4vmscgd7
MD5

d9ae9f8e6be0c1d7c70a1d1b86f44a8c
SHA1

1564057c68ed04ffe76aa192e867ed40cd868840
SHA256

a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1
SHA512

d13a512177f86e9a3de60c6b525175005870d5c1536f9e2af80da0c881314d3833b7140e777c65950d71053907f4608237f595490372e5e003fc9c3925786e2b

Score

10^/10

quasar venom client microsoft phishing spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1.exe

Resource

win7-en-20210920

quasar venom client spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1.exe

Resource

win10-en-20210920

quasar venom client microsoft phishing spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

2.8.0.1

Botnet

Venom Client

C2

192.168.0.149:4455

Mutex

PNMCyu2XSzVny0gdTw

Attributes

encryption_key
aPDdCEtQpHs1yTAHJZ1B
install_name
Venom.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Venom Client Startup
subdirectory

Targets

- Target
  
  a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1
- Size
  
  1.0MB
- MD5
  
  d9ae9f8e6be0c1d7c70a1d1b86f44a8c
- SHA1
  
  1564057c68ed04ffe76aa192e867ed40cd868840
- SHA256
  
  a0824896a6cb88bb0459cd54f5085056cfd2c9733b5cdc75623615e5d61f86c1
- SHA512
  
  d13a512177f86e9a3de60c6b525175005870d5c1536f9e2af80da0c881314d3833b7140e777c65950d71053907f4608237f595490372e5e003fc9c3925786e2b
Score

10^/10

quasar venom client spyware trojan microsoft phishing
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarvenom clientspywaretrojan

behavioral2

quasarvenom clientmicrosoftphishingspywaretrojan

© 2018-2024

Terms | Privacy