quasar | 70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35
Size

14KB
Sample

211103-xyb54sbfhq
MD5

9860743c4ff83784de05aa8444594aed
SHA1

517ab424f9f6ee8de223e396691f1cb3b2d01a09
SHA256

70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35
SHA512

cae8c9f056f7556d30e170caca7b4146baf00eaa32b6d2fac8659d2547d97e1461ee8cce0b123db02d5497faf9e12057d5daa530b4b8e722d73c66e769064b88

Score

10^/10

quasar helper spyware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35.exe

Resource

win10-en-20211014

quasar helper spyware suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

helper

C2

41.79.11.214:61032

Mutex

307d89ac-968f-48de-a3b3-0c81d2cf4d4a

Attributes

encryption_key
0D0F7891BD61AE0C503175723ADA783C9973F3B8
install_name
DllHelper.exe
log_directory
Logs
reconnect_delay
5000
startup_key
DllHelper
subdirectory
DllHelper

Targets

- Target
  
  70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35
- Size
  
  14KB
- MD5
  
  9860743c4ff83784de05aa8444594aed
- SHA1
  
  517ab424f9f6ee8de223e396691f1cb3b2d01a09
- SHA256
  
  70da41b661dc8de4e8cd1bde0f17f434433115bffad2fb762205b734acd4ed35
- SHA512
  
  cae8c9f056f7556d30e170caca7b4146baf00eaa32b6d2fac8659d2547d97e1461ee8cce0b123db02d5497faf9e12057d5daa530b4b8e722d73c66e769064b88
Score

10^/10

quasar helper spyware suricata trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- suricata: ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
  suricata: ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarhelperspywaresuricatatrojan

© 2018-2024

Terms | Privacy