quasar | 5c395df95b067f10c115f92e193d7f61bc6ce05eefb20bfc86aac86f278e0600 | Triage

Submit
Reports

Overview

overview

Static

static

5c395df95b...00.vbs

windows10_x64

Sharing

General

Target

5c395df95b067f10c115f92e193d7f61bc6ce05eefb20bfc86aac86f278e0600.vbs
Size

1KB
Sample

211017-h3hfcscdg9
MD5

010eb448243fbab8334a1c528ec2e356
SHA1

35c7cb4272dd30c97711284673b60e9bf8aa105e
SHA256

5c395df95b067f10c115f92e193d7f61bc6ce05eefb20bfc86aac86f278e0600
SHA512

846869584bd44dfe8cbc96bb4e6a32e3a317a027646e4715253c226147941c1f934d0927e6a92262717a07cb77aa76e5c20721c72702cc4ded98523c954ce127

Score

10^/10

quasar 8 spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

5c395df95b067f10c115f92e193d7f61bc6ce05eefb20bfc86aac86f278e0600.vbs

Resource

win10-en-20210920

quasar 8 spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

8

C2

3.36.121.136:4782

Mutex

QSR_MUTEX_2buErdxrYVW8JvhTM4

Attributes

encryption_key
HHPAsaGEK7mx9XJmMzI4
install_name
Client.exe
log_directory
Logs
reconnect_delay
10
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  5c395df95b067f10c115f92e193d7f61bc6ce05eefb20bfc86aac86f278e0600.vbs
- Size
  
  1KB
- MD5
  
  010eb448243fbab8334a1c528ec2e356
- SHA1
  
  35c7cb4272dd30c97711284673b60e9bf8aa105e
- SHA256
  
  5c395df95b067f10c115f92e193d7f61bc6ce05eefb20bfc86aac86f278e0600
- SHA512
  
  846869584bd44dfe8cbc96bb4e6a32e3a317a027646e4715253c226147941c1f934d0927e6a92262717a07cb77aa76e5c20721c72702cc4ded98523c954ce127
Score

10^/10

quasar 8 spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasar8spywaretrojan

© 2018-2024

Terms | Privacy