quasar | 4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa | Triage

Submit
Reports

Overview

overview

Static

static

4e9e02f9b5...fa.exe

windows7_x64

4e9e02f9b5...fa.exe

windows10-2004_x64

Sharing

General

Target

4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa
Size

348KB
Sample

220524-tw2q7shdg5
MD5

6e5fef5da8810aa3fffad5a486c68cf3
SHA1

70f6507e9b2644fbcb75c78c6660dbdca4da5ef0
SHA256

4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa
SHA512

94dec0822aef151ec843732e9f13d550c59bb4575f8fff7822f5c2bf4d36854dc0c4061dbbcd6c2377aaac77ad86aa48092515fdc7388148e76db96f8417d027

Score

10^/10

quasar system spyware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa.exe

Resource

win10v2004-20220414-en

quasar system spyware suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.1.0.0

Botnet

System

C2

82.202.167.203:4444

Mutex

xTSR_MUTEX_JOBXsgj4pMGMmIDVNc

Attributes

encryption_key
eu7tm2CUeFG5FGwJlQkW
install_name
core.exe
log_directory
logs
reconnect_delay
3000
startup_key
System Core
subdirectory
system

Targets

- Target
  
  4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa
- Size
  
  348KB
- MD5
  
  6e5fef5da8810aa3fffad5a486c68cf3
- SHA1
  
  70f6507e9b2644fbcb75c78c6660dbdca4da5ef0
- SHA256
  
  4e9e02f9b59d580cee08f8f3e7804f7a8f8b12c93e027ba6fd211ac4815e98fa
- SHA512
  
  94dec0822aef151ec843732e9f13d550c59bb4575f8fff7822f5c2bf4d36854dc0c4061dbbcd6c2377aaac77ad86aa48092515fdc7388148e76db96f8417d027
Score

10^/10

suricata quasar system spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

quasarsystemspywaresuricatatrojan

© 2018-2024

Terms | Privacy