quasar | 857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff | Triage

Submit
Reports

Overview

overview

Static

static

857e38c608...ff.exe

windows7_x64

857e38c608...ff.exe

windows10-2004_x64

Sharing

General

Target

857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff
Size

401KB
Sample

220312-v1lq8abafn
MD5

e514b9b328bcebbfafc9a9f9bded8324
SHA1

45e608a882de0a203ddde9ff5efa2b79ca48350c
SHA256

857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff
SHA512

548698b0f45b5e080ea7a9903f51399290c11f9f31e3633351d48304ddba5363a1065a8f32114db124963827e902558cdab4f0ca9ca26b4ba118e46b16b4a703

Score

10^/10

quasar revengerat zenoxpu spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff.exe

Resource

win7-20220311-en

quasar zenoxpu spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff.exe

Resource

win10v2004-en-20220113

quasar revengerat zenoxpu spyware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

3.0

Botnet

ZenoXpu

C2

185.153.222.198:7845

Mutex

HIFbOBRX8hIfqiy4wu

Attributes

encryption_key
DQXvqTzM5uyODUsZK174
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff
- Size
  
  401KB
- MD5
  
  e514b9b328bcebbfafc9a9f9bded8324
- SHA1
  
  45e608a882de0a203ddde9ff5efa2b79ca48350c
- SHA256
  
  857e38c6089c96d19061c1df7b39a22d42b8962e065b6b652a8a3c2246c7bdff
- SHA512
  
  548698b0f45b5e080ea7a9903f51399290c11f9f31e3633351d48304ddba5363a1065a8f32114db124963827e902558cdab4f0ca9ca26b4ba118e46b16b4a703
Score

10^/10

quasar zenoxpu spyware trojan revengerat
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarzenoxpuspywaretrojan

behavioral2

quasarrevengeratzenoxpuspywaretrojan

© 2018-2024

Terms | Privacy