quasar | 4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f | Triage

Submit
Reports

Overview

overview

Static

static

4a1bb7243d...3f.exe

windows7_x64

4a1bb7243d...3f.exe

windows10-2004_x64

Sharing

General

Target

4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f
Size

348KB
Sample

220324-kce9esedf8
MD5

4e22eda5918426ccbc58319c13978906
SHA1

080d364b894ee591be92afa782db2ae93192bea9
SHA256

4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f
SHA512

03cc56592add96ea7d3fc592308c4043558b17b55cbe520c5e24764fb489dabfdbe51910a59d537b795073cb1ed6b10a3b703b68bf4a24fcfa91b91c3c875901

Score

10^/10

quasar test1 persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f.exe

Resource

win7-20220311-en

quasar test1 persistence spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f.exe

Resource

win10v2004-20220310-en

quasar test1 spyware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Test1

C2

sharaga.ddns.net:25565

81.1.158.128:25565

Mutex

QSR_MUTEX_2Wq2bcpv2N4Sls5IAl

Attributes

encryption_key
3IYxH0O6qCkTu1k47KTz
install_name
java.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Java
subdirectory
.minecraft

Targets

- Target
  
  4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f
- Size
  
  348KB
- MD5
  
  4e22eda5918426ccbc58319c13978906
- SHA1
  
  080d364b894ee591be92afa782db2ae93192bea9
- SHA256
  
  4a1bb7243d93faccacfdf4a5b329d31a176521857158e951132caadd8a84083f
- SHA512
  
  03cc56592add96ea7d3fc592308c4043558b17b55cbe520c5e24764fb489dabfdbe51910a59d537b795073cb1ed6b10a3b703b68bf4a24fcfa91b91c3c875901
Score

10^/10

quasar test1 persistence spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasartest1persistencespywaretrojan

behavioral2

quasartest1spywaretrojan

© 2018-2024

Terms | Privacy