quasar | 064abdb50b3a06bc95b60e28b37e371af3ab7fe0918e5337713d94a686d25740 | Triage

Submit
Reports

Overview

overview

Static

static

0x000b0000...41.exe

windows7-x64

0x000b0000...41.exe

windows10-2004-x64

Sharing

General

Target

0x000b000000013a03-341.dat
Size

502KB
Sample

221101-m3jewabbc2
MD5

254850c126b7dd70bc258b16a5fa029c
SHA1

993c0147f75530ae0d3c45a971abe71eb0a8a68e
SHA256

064abdb50b3a06bc95b60e28b37e371af3ab7fe0918e5337713d94a686d25740
SHA512

eb2d44ee1c67c247fc184f38764c762a04266773d8669e488d78f0a777d28c26a31033d8b1ec5bc36896f4ef8098fa641210919798bd2722a5b15e2dd1bba8cf
SSDEEP

6144:dTEgdc0Y2X7IxUpGREWln6OmdBizR5EtqD+yw4FUcEJOb8F9o46cIZFcTR3+:dTEgdfYXxUc6OBw4qyw15pedcIDcd+

Score

10^/10

quasar r77version spyware trojan

Static task

static1

r77version quasar

2 signatures

Behavioral task

behavioral1

Sample

0x000b000000013a03-341.exe

Resource

win7-20220812-en

quasar r77version spyware trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x000b000000013a03-341.exe

Resource

win10v2004-20220812-en

quasar r77version spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

r77Version

C2

179.43.187.19:2326

Mutex

d6db683c-9b85-4417-b1a3-4ff8bec1d98b

Attributes

encryption_key
83FE26AAD844F101036726AFCD7F28CF377D20AF
install_name
$77Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
$77Client
subdirectory
$77win

Targets

- Target
  
  0x000b000000013a03-341.dat
- Size
  
  502KB
- MD5
  
  254850c126b7dd70bc258b16a5fa029c
- SHA1
  
  993c0147f75530ae0d3c45a971abe71eb0a8a68e
- SHA256
  
  064abdb50b3a06bc95b60e28b37e371af3ab7fe0918e5337713d94a686d25740
- SHA512
  
  eb2d44ee1c67c247fc184f38764c762a04266773d8669e488d78f0a777d28c26a31033d8b1ec5bc36896f4ef8098fa641210919798bd2722a5b15e2dd1bba8cf
- SSDEEP
  
  6144:dTEgdc0Y2X7IxUpGREWln6OmdBizR5EtqD+yw4FUcEJOb8F9o46cIZFcTR3+:dTEgdfYXxUc6OBw4qyw15pedcIDcd+
Score

10^/10

quasar r77version spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

r77versionquasar

behavioral1

quasarr77versionspywaretrojan

behavioral2

quasarr77versionspywaretrojan

© 2018-2024

Terms | Privacy