quasar | 262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada | Triage

Submit
Reports

Overview

overview

Static

static

262c4b94a1...da.exe

windows7_x64

262c4b94a1...da.exe

windows10-2004_x64

Sharing

General

Target

262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada
Size

299KB
Sample

220616-ldhxdafbe8
MD5

bb73586cedd8767a216880ba2a7c7750
SHA1

84a6c6c4908088349d5042f1a57374df7a8469f1
SHA256

262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada
SHA512

721bf82d3dfc0b2943283c7c8c4bac7afe54e4e2d1772cf27a254e5bbb6bb89d9dd5c2464a026de8d838d455187cfac0a0864d7ec8d77273d96a4ba92afb07cd

Score

10^/10

quasar revengerat ceo spyware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada.exe

Resource

win7-20220414-en

quasar revengerat ceo spyware suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada.exe

Resource

win10v2004-20220414-en

quasar ceo spyware suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

CEO

C2

worldwide567678.zapto.org:1714

Mutex

Hroy95BxsKwWGMw1fF

Attributes

encryption_key
xFdMg8u08utwhtKUrD9B
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada
- Size
  
  299KB
- MD5
  
  bb73586cedd8767a216880ba2a7c7750
- SHA1
  
  84a6c6c4908088349d5042f1a57374df7a8469f1
- SHA256
  
  262c4b94a1c528e8363f05beb57b03783ae33d61b3fa2ad4e7815d70d9781ada
- SHA512
  
  721bf82d3dfc0b2943283c7c8c4bac7afe54e4e2d1772cf27a254e5bbb6bb89d9dd5c2464a026de8d838d455187cfac0a0864d7ec8d77273d96a4ba92afb07cd
Score

10^/10

quasar revengerat ceo spyware suricata trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarrevengeratceospywaresuricatatrojan

behavioral2

quasarceospywaresuricatatrojan

© 2018-2024

Terms | Privacy