quasar | 5ab1aac03c053e025319aac9bbe317a163d56bf4657819c6a43ffb97099ec322 | Triage

Submit
Reports

Overview

overview

Static

static

7411c8d367...b7.exe

windows7_x64

7411c8d367...b7.exe

windows10_x64

Sharing

General

Target

7411c8d36761ca9edc88373cfc7a3cb7.exe
Size

347KB
Sample

211222-xgzvvagfdk
MD5

7411c8d36761ca9edc88373cfc7a3cb7
SHA1

8b31d6b61ee03da19817d3ffd59c0aa41ef32d81
SHA256

5ab1aac03c053e025319aac9bbe317a163d56bf4657819c6a43ffb97099ec322
SHA512

37f29a792ca641f29144032575f7f42ced5345c541cbdad33e935ef7b5b70d6b5623196596587be95ef00a86a58d604c295c1fcc4a9b159b80cc273fe1623342

Score

10^/10

quasar success spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

7411c8d36761ca9edc88373cfc7a3cb7.exe

Resource

win7-en-20211208

quasar success spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7411c8d36761ca9edc88373cfc7a3cb7.exe

Resource

win10-en-20211208

quasar success spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

SUCCESS

C2

jerenyankipong.duckdns.org:4782

Mutex

MUTEX_jh9iPmixBt74IpSqEj

Attributes

encryption_key
uO9yacYVMmi8921rParX
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
cmd
subdirectory
SubDir

Targets

- Target
  
  7411c8d36761ca9edc88373cfc7a3cb7.exe
- Size
  
  347KB
- MD5
  
  7411c8d36761ca9edc88373cfc7a3cb7
- SHA1
  
  8b31d6b61ee03da19817d3ffd59c0aa41ef32d81
- SHA256
  
  5ab1aac03c053e025319aac9bbe317a163d56bf4657819c6a43ffb97099ec322
- SHA512
  
  37f29a792ca641f29144032575f7f42ced5345c541cbdad33e935ef7b5b70d6b5623196596587be95ef00a86a58d604c295c1fcc4a9b159b80cc273fe1623342
Score

10^/10

quasar success spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarsuccessspywaretrojan

behavioral2

quasarsuccessspywaretrojan

© 2018-2024

Terms | Privacy