quasar | 382204c078672bfae8b2c7f123e7cd735c3dd428f49446817973820cb0f2e5e3 | Triage

Submit
Reports

Overview

overview

Static

static

382204c078...e3.exe

windows7_x64

382204c078...e3.exe

windows10-2004_x64

Sharing

General

Target

382204c078672bfae8b2c7f123e7cd735c3dd428f49446817973820cb0f2e5e3
Size

337KB
Sample

220625-zvgyaseac3
MD5

8674e8fd878a92e92a479b931235bb72
SHA1

dfc652402b4791b81379326b0881cd0a2e613169
SHA256

382204c078672bfae8b2c7f123e7cd735c3dd428f49446817973820cb0f2e5e3
SHA512

6d36b398d1f964b3b2f0ce5fdd1a0a04e7997b8fa8295912f31d4e26a50dee75197303df34d92915fa5bb57a5df4d486dcff7d312bd5064425cd27218b4e094c

Score

10^/10

quasar revengerat ceo spyware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

382204c078672bfae8b2c7f123e7cd735c3dd428f49446817973820cb0f2e5e3.exe

Resource

win7-20220414-en

quasar revengerat ceo spyware suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

382204c078672bfae8b2c7f123e7cd735c3dd428f49446817973820cb0f2e5e3.exe

Resource

win10v2004-20220414-en

quasar ceo spyware suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

CEO

C2

23.249.161.211:1714

Mutex

ymuFePGjPK2s7dyOvO

Attributes

encryption_key
H5mirEGEuwM1G7u6Z7Pb
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  382204c078672bfae8b2c7f123e7cd735c3dd428f49446817973820cb0f2e5e3
- Size
  
  337KB
- MD5
  
  8674e8fd878a92e92a479b931235bb72
- SHA1
  
  dfc652402b4791b81379326b0881cd0a2e613169
- SHA256
  
  382204c078672bfae8b2c7f123e7cd735c3dd428f49446817973820cb0f2e5e3
- SHA512
  
  6d36b398d1f964b3b2f0ce5fdd1a0a04e7997b8fa8295912f31d4e26a50dee75197303df34d92915fa5bb57a5df4d486dcff7d312bd5064425cd27218b4e094c
Score

10^/10

quasar revengerat ceo spyware suricata trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata: ET MALWARE Common RAT Connectivity Check Observed
  suricata
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarrevengeratceospywaresuricatatrojan

behavioral2

quasarceospywaresuricatatrojan

© 2018-2024

Terms | Privacy