quasar | cd2a19b6db25d50aa3413300fe5d1183a082a388e9b12d47fbb6ef765e1c819a | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7_x64

tmp.exe

windows10-2004_x64

Sharing

General

Target

tmp
Size

505KB
Sample

220302-dpm2gacfa2
MD5

56fdac38d6004e0bc5fb2d5c961322e2
SHA1

470111decd8883231c720a05eab77032e8b77250
SHA256

cd2a19b6db25d50aa3413300fe5d1183a082a388e9b12d47fbb6ef765e1c819a
SHA512

3c9f4534c275f09935dc38853e9733145ade98ef53cb4d6f7cd4d530d938c4e00117f995778d343285e3e2829fbceab3681e43772cff91fba7d41ba81c3a60dc

Score

10^/10

quasar new1 spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-en-20211208

quasar new1 spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-en-20220112

quasar new1 spyware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

new1

C2

bigrussianfloppa.duckdns.org:1004

Mutex

a8db07ed-e16a-4405-a04c-3980d567bfdb

Attributes

encryption_key
49FAF85C97BB43AF1E641011D48AB0EBC58C478E
install_name
java.exe
log_directory
logz
reconnect_delay
300
startup_key
Java
subdirectory
JavaTools

Targets

- Target
  
  tmp
- Size
  
  505KB
- MD5
  
  56fdac38d6004e0bc5fb2d5c961322e2
- SHA1
  
  470111decd8883231c720a05eab77032e8b77250
- SHA256
  
  cd2a19b6db25d50aa3413300fe5d1183a082a388e9b12d47fbb6ef765e1c819a
- SHA512
  
  3c9f4534c275f09935dc38853e9733145ade98ef53cb4d6f7cd4d530d938c4e00117f995778d343285e3e2829fbceab3681e43772cff91fba7d41ba81c3a60dc
Score

10^/10

quasar new1 spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarnew1spywaretrojan

behavioral2

quasarnew1spywaretrojan

© 2018-2024

Terms | Privacy