quasar | a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5 | Triage

Submit
Reports

Overview

overview

Static

static

a4fcf02ada...a5.exe

windows7_x64

a4fcf02ada...a5.exe

windows10-2004_x64

Sharing

General

Target

a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5
Size

289KB
Sample

220201-p39m6shgf7
MD5

b95383c1150c479a59510aa1d8b34dfa
SHA1

369de7d721168d483111783cc2cfaa6f28e04a15
SHA256

a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5
SHA512

c96c47e570caeb12bf5459fca7422a69626e1a57e45c6a9fb3f09d66a4f9effada3c639e8972d29ab8a7414ec1a7767b8a2f5ba795a78658092a0c45dec89bee

Score

10^/10

quasar infected spyware trojan

Static task

static1

infected quasar

Behavioral task

behavioral1

Sample

a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5.exe

Resource

win7-en-20211208

quasar infected spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5.exe

Resource

win10v2004-en-20220113

quasar infected spyware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Infected

C2

noinmy.ddns.net:9999

Mutex

BW7JOTpOU1me7DhAhz

Attributes

encryption_key
cuGnTFdzZchzOboCjJyu
install_name
dashost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WinServe
subdirectory
DAF

Targets

- Target
  
  a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5
- Size
  
  289KB
- MD5
  
  b95383c1150c479a59510aa1d8b34dfa
- SHA1
  
  369de7d721168d483111783cc2cfaa6f28e04a15
- SHA256
  
  a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5
- SHA512
  
  c96c47e570caeb12bf5459fca7422a69626e1a57e45c6a9fb3f09d66a4f9effada3c639e8972d29ab8a7414ec1a7767b8a2f5ba795a78658092a0c45dec89bee
Score

10^/10

quasar infected spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarinfectedspywaretrojan

behavioral2

quasarinfectedspywaretrojan

© 2018-2024

Terms | Privacy