quasar | 33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d | Triage

Submit
Reports

Overview

overview

Static

static

33c50b2ae8...6d.exe

windows7_x64

33c50b2ae8...6d.exe

windows10-2004_x64

Sharing

General

Target

33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d
Size

295KB
Sample

220620-alh2kaghbp
MD5

e8a1026d6d025f281c596870fc1185ad
SHA1

28e9f6bd76e161dab22829b3bff2af740de05ab1
SHA256

33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d
SHA512

54ddb682f7b36aa6a514e391d296771a8c5f235e4de680d1a84961fe12b46ebd3bb83a9f775fcfe031db305d332b6db4669b12d55e284d178eb0d9bd859fca73

Score

10^/10

quasar revengerat ceo spyware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d.exe

Resource

win7-20220414-en

quasar revengerat ceo spyware suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d.exe

Resource

win10v2004-20220414-en

quasar ceo spyware suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

CEO

C2

198.46.235.194:1417

Mutex

Hzd5ohpHyz0j9jlmB2

Attributes

encryption_key
jKwpd9T86gptPthTAlIq
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d
- Size
  
  295KB
- MD5
  
  e8a1026d6d025f281c596870fc1185ad
- SHA1
  
  28e9f6bd76e161dab22829b3bff2af740de05ab1
- SHA256
  
  33c50b2ae8165306ced86dd1dc8e97aef377d1cb4b1297dec91940489a580d6d
- SHA512
  
  54ddb682f7b36aa6a514e391d296771a8c5f235e4de680d1a84961fe12b46ebd3bb83a9f775fcfe031db305d332b6db4669b12d55e284d178eb0d9bd859fca73
Score

10^/10

quasar revengerat ceo spyware suricata trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarrevengeratceospywaresuricatatrojan

behavioral2

quasarceospywaresuricatatrojan

© 2018-2024

Terms | Privacy