quasar | 5aa187357d7fd3e33f6f6780809f14f33d2808f8510d0c4ba63952c8574410e6 | Triage

Submit
Reports

Overview

overview

Static

static

5

5aa187357d...e6.exe

windows7_x64

5aa187357d...e6.exe

windows10-2004_x64

Sharing

General

Target

5aa187357d7fd3e33f6f6780809f14f33d2808f8510d0c4ba63952c8574410e6
Size

1.3MB
Sample

220525-ay2z7sdda4
MD5

289b643e1a46d2b8de76323db780b6cf
SHA1

ef7ff8a8a634319e57043a35a9c3a9aa062f8a93
SHA256

5aa187357d7fd3e33f6f6780809f14f33d2808f8510d0c4ba63952c8574410e6
SHA512

6353d2a666d5b99d9e6e22cbe9fafb4a0640ade812c3c613bde47ceea612eefc5ef835051b88163edad7a8a49b861ee8847f5a663a9b1049b5578293ccb74a04

Score

10^/10

quasar revengerat office spyware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

5aa187357d7fd3e33f6f6780809f14f33d2808f8510d0c4ba63952c8574410e6.exe

Resource

win7-20220414-en

quasar revengerat office spyware suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5aa187357d7fd3e33f6f6780809f14f33d2808f8510d0c4ba63952c8574410e6.exe

Resource

win10v2004-20220414-en

quasar revengerat office spyware suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

46.249.59.99:111

Mutex

mz2wiNFAWq1HjJ2fUn

Attributes

encryption_key
8DIs0SbdWcImnvHm2I9I
install_name
csrss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
NET framework
subdirectory
SubDir

Targets

- Target
  
  5aa187357d7fd3e33f6f6780809f14f33d2808f8510d0c4ba63952c8574410e6
- Size
  
  1.3MB
- MD5
  
  289b643e1a46d2b8de76323db780b6cf
- SHA1
  
  ef7ff8a8a634319e57043a35a9c3a9aa062f8a93
- SHA256
  
  5aa187357d7fd3e33f6f6780809f14f33d2808f8510d0c4ba63952c8574410e6
- SHA512
  
  6353d2a666d5b99d9e6e22cbe9fafb4a0640ade812c3c613bde47ceea612eefc5ef835051b88163edad7a8a49b861ee8847f5a663a9b1049b5578293ccb74a04
Score

10^/10

quasar revengerat office spyware suricata trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarrevengeratofficespywaresuricatatrojan

behavioral2

quasarrevengeratofficespywaresuricatatrojan

© 2018-2024

Terms | Privacy