quasar | 980c16ace3de850ecab59d309e5e36ccc876ca917b2ae282f07a92c7cb75e973 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

980c16ace3de850ecab59d309e5e36ccc876ca917b2ae282f07a92c7cb75e973
Size

429KB
Sample

211219-r67dbsgeb2
MD5

9421080325b399fe52f19a5069176df0
SHA1

64ef50ff83a597c5dfedc850528922e9afd9874a
SHA256

980c16ace3de850ecab59d309e5e36ccc876ca917b2ae282f07a92c7cb75e973
SHA512

4275f4050e027c922249af8c199e5bf6ff3c1511ecb71608cfd9b867b3819a0d372ddac910a8a4187e969f88fd030185ebf94ce33023cd8a16b40c894816e5a2

Score

10^/10

quasar hacked persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

980c16ace3de850ecab59d309e5e36ccc876ca917b2ae282f07a92c7cb75e973.exe

Resource

win10-en-20211208

quasar hacked persistence spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Hacked

C2

shadowhost.ddns.net:36000

Mutex

hsZQSoSXcLWLWzB5Tq

Attributes

encryption_key
qtt3efuuXlzXZe7rvxla
install_name
Runtime Broker.exe
log_directory
KeysLOGGER Logs
reconnect_delay
3000
startup_key
System
subdirectory
SystemMain

Targets

- Target
  
  980c16ace3de850ecab59d309e5e36ccc876ca917b2ae282f07a92c7cb75e973
- Size
  
  429KB
- MD5
  
  9421080325b399fe52f19a5069176df0
- SHA1
  
  64ef50ff83a597c5dfedc850528922e9afd9874a
- SHA256
  
  980c16ace3de850ecab59d309e5e36ccc876ca917b2ae282f07a92c7cb75e973
- SHA512
  
  4275f4050e027c922249af8c199e5bf6ff3c1511ecb71608cfd9b867b3819a0d372ddac910a8a4187e969f88fd030185ebf94ce33023cd8a16b40c894816e5a2
Score

10^/10

quasar hacked persistence spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Drops file in Drivers directory
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarhackedpersistencespywaretrojan

© 2018-2024

Terms | Privacy