quasar | 84c3dc415b33a603a95326c1fc0334642c9be314c47479012edacb6c1fbf278a | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows10-1703-x64

Resubmissions

13-02-2023 05:37

230213-gbnydsae5t 10

13-02-2023 05:34

230213-f9gfjaae4s 10

Sharing

General

Target

Client-built.exe
Size

502KB
Sample

230213-gbnydsae5t
MD5

5237b93d2d17acaf7a267b15fc0ccbe1
SHA1

6043203d6b444e2a5b7fe987b174de399e86506f
SHA256

84c3dc415b33a603a95326c1fc0334642c9be314c47479012edacb6c1fbf278a
SHA512

9db8957bef2cf0ec1b623d5f51508d807224ad4e52d928e6d73cdbef15cdcaecdacf2230f0472156a9ddc80a5ae6c4203e705e4e11b29dfd767a70b4ccaf313e
SSDEEP

6144:YTEgdc0YlXAGbgiIN2RSBV9icQn1Q1bTCecEcib8F9SU5kxm1VCbcTR3W:YTEgdfY5bgJrBCeMFXSmYbcdW

Score

10^/10

quasar build spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win10-20220812-en

quasar build spyware trojan

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

build

C2

license-boolean.at.ply.gg:29998

Mutex

d997b199-e165-4e11-9fc8-9f99cc4eda57

Attributes

encryption_key
C801F4FDAF210ACC5EE3523E76B50F0FB67C2020
install_name
build.exe
log_directory
Logs
reconnect_delay
3000
startup_key
windows update
subdirectory
build

Targets

- Target
  
  Client-built.exe
- Size
  
  502KB
- MD5
  
  5237b93d2d17acaf7a267b15fc0ccbe1
- SHA1
  
  6043203d6b444e2a5b7fe987b174de399e86506f
- SHA256
  
  84c3dc415b33a603a95326c1fc0334642c9be314c47479012edacb6c1fbf278a
- SHA512
  
  9db8957bef2cf0ec1b623d5f51508d807224ad4e52d928e6d73cdbef15cdcaecdacf2230f0472156a9ddc80a5ae6c4203e705e4e11b29dfd767a70b4ccaf313e
- SSDEEP
  
  6144:YTEgdc0YlXAGbgiIN2RSBV9icQn1Q1bTCecEcib8F9SU5kxm1VCbcTR3W:YTEgdfY5bgJrBCeMFXSmYbcdW
Score

10^/10

quasar build spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarbuildspywaretrojan

© 2018-2024

Terms | Privacy