Extracted

• • Target

    d3709777baef696ae4502fc371784000200245d6769ba94e1a80d21d2b800358

  • Size

    1.7MB

  • MD5

    21eedc621939b5e997b75196b6621b03

  • SHA1

    f3fc557364510567815a5e53730a339cc68b572d

  • SHA256

    d3709777baef696ae4502fc371784000200245d6769ba94e1a80d21d2b800358

  • SHA512

    05daf1bb49ffd48daf36957ae1b2e8a5f49033b809f0c400fdb1a0d3a492d91e638c0d0253fdbf2bd2af6e0991b3b63d83264a8e7ad195d50e2637cac3f7ec5f

  • SSDEEP

    24576:PUxJIRCRoenYQb6VOJ8Kgn1beVuumyEU:

  Score

  10^/10

  quasarciopersistencespywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2