quasar | 7c7dce6e70752136091a003af64e199ca226b65136ea7403fee158f5458e07f4 | Triage

Submit
Reports

Overview

overview

Static

static

7C7DCE6E70...A7.exe

windows7-x64

7C7DCE6E70...A7.exe

windows10-2004-x64

Sharing

General

Target

7C7DCE6E70752136091A003AF64E199CA226B65136EA7.exe
Size

3.1MB
Sample

230101-t9ylpscc23
MD5

5106cc8b676f99d94f020c3416c4419e
SHA1

1f232fc810f3430cbd582b15c3624f7719d25f78
SHA256

7c7dce6e70752136091a003af64e199ca226b65136ea7403fee158f5458e07f4
SHA512

05a4893909d78a2d78ff4ba00827d73417f328e6fa7691a05dafb2d79433bc17a4e5d399174da02fdda9d3ef406c8c3d8fb28e8d4d9efa669be70912a957a6d8
SSDEEP

49152:z0an44t3co4c+ZgE09xV0QYHyv6NWPHHB72eh2NT:z0A44t3co43gE09x2U

Score

10^/10

quasar bot spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7C7DCE6E70752136091A003AF64E199CA226B65136EA7.exe

Resource

win7-20220812-en

quasar bot spyware trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

7C7DCE6E70752136091A003AF64E199CA226B65136EA7.exe

Resource

win10v2004-20220812-en

quasar bot spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

bot

C2

67.191.63.138:4781

Mutex

5e71212f-3f9b-4da2-b7e1-c0a0e90d92f3

Attributes

encryption_key
69F476AEBC36CDCB235187230CF3F99552BD1703
install_name
tasker.exe
log_directory
Logs
reconnect_delay
3000
startup_key
tasker
subdirectory
Tasks

Targets

- Target
  
  7C7DCE6E70752136091A003AF64E199CA226B65136EA7.exe
- Size
  
  3.1MB
- MD5
  
  5106cc8b676f99d94f020c3416c4419e
- SHA1
  
  1f232fc810f3430cbd582b15c3624f7719d25f78
- SHA256
  
  7c7dce6e70752136091a003af64e199ca226b65136ea7403fee158f5458e07f4
- SHA512
  
  05a4893909d78a2d78ff4ba00827d73417f328e6fa7691a05dafb2d79433bc17a4e5d399174da02fdda9d3ef406c8c3d8fb28e8d4d9efa669be70912a957a6d8
- SSDEEP
  
  49152:z0an44t3co4c+ZgE09xV0QYHyv6NWPHHB72eh2NT:z0A44t3co43gE09x2U
Score

10^/10

quasar bot spyware trojan stealer
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarbotspywaretrojan

behavioral2

quasarbotspywarestealertrojan

© 2018-2024

Terms | Privacy