quasar | 70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35
Size

14KB
Sample

211103-xyb54sbfhq
MD5

9860743c4ff83784de05aa8444594aed
SHA1

517ab424f9f6ee8de223e396691f1cb3b2d01a09
SHA256

70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35
SHA512

cae8c9f056f7556d30e170caca7b4146baf00eaa32b6d2fac8659d2547d97e1461ee8cce0b123db02d5497faf9e12057d5daa530b4b8e722d73c66e769064b88

Score

10^/10

quasar helper spyware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35.exe

Resource

win10-en-20211014

quasar helper spyware suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

helper

C2

41.79.11.214:61032

Mutex

307d89ac-968f-48de-a3b3-0c81d2cf4d4a

Attributes

encryption_key
0D0F7891BD61AE0C503175723ADA783C9973F3B8
install_name
DllHelper.exe
log_directory
Logs
reconnect_delay
5000
startup_key
DllHelper
subdirectory
DllHelper

Targets

- Target
  
  70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35
- Size
  
  14KB
- MD5
  
  9860743c4ff83784de05aa8444594aed
- SHA1
  
  517ab424f9f6ee8de223e396691f1cb3b2d01a09
- SHA256
  
  70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35
- SHA512
  
  cae8c9f056f7556d30e170caca7b4146baf00eaa32b6d2fac8659d2547d97e1461ee8cce0b123db02d5497faf9e12057d5daa530b4b8e722d73c66e769064b88
Score

10^/10

quasar helper spyware suricata trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- suricata: ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarhelperspywaresuricatatrojan

© 2018-2025

Terms | Privacy