quasar | 5dd3a4cd00a5c5ce6335975b1541a39067f8c34f407202d7d631214bbfe47094 | Triage

Submit
Reports

Overview

overview

Static

static

5dd3a4cd00...94.exe

windows7_x64

5dd3a4cd00...94.exe

windows10-2004_x64

Sharing

General

Target

5dd3a4cd00a5c5ce6335975b1541a39067f8c34f407202d7d631214bbfe47094
Size

9.0MB
Sample

220516-p7rm6aehfm
MD5

987bb8bcc92a914d249989e8cca3b2e9
SHA1

d09cfc64e1e7b22eb99fcc77c35d0286dfa74d26
SHA256

5dd3a4cd00a5c5ce6335975b1541a39067f8c34f407202d7d631214bbfe47094
SHA512

23d5356cfbbb8ad8e43e9d1a038f2c30a226fbb43b98bd1062317550bdee099aef51d1ede79781e449f8349b02bc1e67d604342995e89f03d8e3c4be061ea0bd

Score

10^/10

quasar business spyware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

5dd3a4cd00a5c5ce6335975b1541a39067f8c34f407202d7d631214bbfe47094.exe

Resource

win7-20220414-en

quasar business spyware suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5dd3a4cd00a5c5ce6335975b1541a39067f8c34f407202d7d631214bbfe47094.exe

Resource

win10v2004-20220414-en

quasar business spyware suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Business

C2

craft.ooguy.com:1981

Mutex

GpDg1xgoq8qb9M6Jp6

Attributes

encryption_key
bJJpHxbw80umglURXtYY
install_name
Client.exe
log_directory
4k
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  5dd3a4cd00a5c5ce6335975b1541a39067f8c34f407202d7d631214bbfe47094
- Size
  
  9.0MB
- MD5
  
  987bb8bcc92a914d249989e8cca3b2e9
- SHA1
  
  d09cfc64e1e7b22eb99fcc77c35d0286dfa74d26
- SHA256
  
  5dd3a4cd00a5c5ce6335975b1541a39067f8c34f407202d7d631214bbfe47094
- SHA512
  
  23d5356cfbbb8ad8e43e9d1a038f2c30a226fbb43b98bd1062317550bdee099aef51d1ede79781e449f8349b02bc1e67d604342995e89f03d8e3c4be061ea0bd
Score

10^/10

quasar business spyware suricata trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarbusinessspywaresuricatatrojan

behavioral2

quasarbusinessspywaresuricatatrojan

© 2018-2024

Terms | Privacy