quasar | b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5 | Triage

Submit
Reports

Overview

overview

Static

static

b267eb6c36...d5.exe

windows7_x64

b267eb6c36...d5.exe

windows10-2004_x64

Sharing

General

Target

b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5
Size

579KB
Sample

220420-cvfc5shbh9
MD5

3c0dcdaaf8330afaafea0a32e7fcf796
SHA1

5afc03feeb3f7a6ab21c407390aa3b362efa298e
SHA256

b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5
SHA512

1103c06205c4109ce0864dc0b63cc26c927e9b0403ef5b7968bae5db73eb89cd48a982b494911c7d47d4f978009c8a69e0c46fc2b47d8862031c1a1c39e56c7f

Score

10^/10

quasar slaves spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5.exe

Resource

win7-20220414-en

quasar slaves spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5.exe

Resource

win10v2004-20220414-en

quasar slaves spyware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Slaves

C2

167.99.143.40:4782

Mutex

3f22fe3b-ed4b-4d8f-aafd-0cb32a5b2a59

Attributes

encryption_key
50EBC6B1CB2169396FC0A221D6DC6B60DDBC9D1F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Start
subdirectory
SubDir

Targets

- Target
  
  b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5
- Size
  
  579KB
- MD5
  
  3c0dcdaaf8330afaafea0a32e7fcf796
- SHA1
  
  5afc03feeb3f7a6ab21c407390aa3b362efa298e
- SHA256
  
  b267eb6c36004640262792e407e16c3a80e37c591ad4979730447348c662eed5
- SHA512
  
  1103c06205c4109ce0864dc0b63cc26c927e9b0403ef5b7968bae5db73eb89cd48a982b494911c7d47d4f978009c8a69e0c46fc2b47d8862031c1a1c39e56c7f
Score

10^/10

quasar slaves spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarslavesspywaretrojan

behavioral2

quasarslavesspywaretrojan

© 2018-2024

Terms | Privacy