quasar | 35f13d8f063f086e5ef1cff022a0f1bb3daf65ed7163ec7854cc9b3c8bf46c1d | Triage

Submit
Reports

Overview

overview

Static

static

TBAG2.exe

windows7_x64

6

TBAG2.exe

windows10-2004_x64

Sharing

General

Target

TBAG2.exe
Size

163KB
Sample

220523-vpgm5abdhm
MD5

7f2a753436c357cf86cefee430626e09
SHA1

67f6f4cc1f66b7300e9692046a049efeede32dc1
SHA256

35f13d8f063f086e5ef1cff022a0f1bb3daf65ed7163ec7854cc9b3c8bf46c1d
SHA512

0e58b52adca2961b69f5e53b3f5d705b20131723f5c1244d0103a66a40616757693cf992384c0f61ba5e9f2c205ebc97a93791167cf6ba95d7280c10208403e4

Score

10^/10

quasar someone discovery persistence pyinstaller spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

TBAG2.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TBAG2.exe

Resource

win10v2004-20220414-en

quasar someone discovery persistence pyinstaller spyware trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Someone

C2

192.168.2.114:4782

Mutex

33bbb393-2876-451f-99b3-219386c5c0e9

Attributes

encryption_key
2E5172990D74D1F134C8172466E0375E463B76FD
install_name
winmanager.exe
log_directory
properties
reconnect_delay
3000
startup_key
WinManager
subdirectory
Windows Manager

Targets

- Target
  
  TBAG2.exe
- Size
  
  163KB
- MD5
  
  7f2a753436c357cf86cefee430626e09
- SHA1
  
  67f6f4cc1f66b7300e9692046a049efeede32dc1
- SHA256
  
  35f13d8f063f086e5ef1cff022a0f1bb3daf65ed7163ec7854cc9b3c8bf46c1d
- SHA512
  
  0e58b52adca2961b69f5e53b3f5d705b20131723f5c1244d0103a66a40616757693cf992384c0f61ba5e9f2c205ebc97a93791167cf6ba95d7280c10208403e4
Score

10^/10

persistence quasar someone discovery pyinstaller spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

quasarsomeonediscoverypersistencepyinstallerspywaretrojan

© 2018-2024

Terms | Privacy