quasar | 8386ce0e691153f7de97e4903b8b9955beca49b1abfd1f3b5613a77f4073f4d8 | Triage

Submit
Reports

Overview

overview

Static

static

8386CE0E69...D1.exe

windows7-x64

8386CE0E69...D1.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

8386CE0E691153F7DE97E4903B8B9955BECA49B1ABFD1.exe
Size

502KB
Sample

230304-2chszsfa69
MD5

2e8dde7817c9438c831c39d470507dda
SHA1

34bc8c79ddf3960c9a6a6604e9d8293b685a2fc7
SHA256

8386ce0e691153f7de97e4903b8b9955beca49b1abfd1f3b5613a77f4073f4d8
SHA512

0eb6f58097cf7d13d996c50e74429a525899c8766666772707730685a19472e09c7a1a46de67065cd85f06701fe3678f40923b828cea67ed5efd703232ef2f67
SSDEEP

6144:RTEgdc0YWX7IxUpGREWVwGzubzjKlh/EKpxwQHocE0Db8F9v+xPo8hf3cTR3e:RTEgdfY3xUKwfb0Rxwk44O8hf3cde

Score

10^/10

quasar 8882 spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8386CE0E691153F7DE97E4903B8B9955BECA49B1ABFD1.exe

Resource

win7-20230220-en

quasar 8882 spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8386CE0E691153F7DE97E4903B8B9955BECA49B1ABFD1.exe

Resource

win10v2004-20230220-en

quasar 8882 spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

8882

C2

me.hansang.me:808

Mutex

5f609853-86c8-4cdd-a225-1f2ab545a652

Attributes

encryption_key
D79EFEAF55C90AEA4C0EB53B87A66A499BADB764
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost Startup
subdirectory
SubDir

Targets

- Target
  
  8386CE0E691153F7DE97E4903B8B9955BECA49B1ABFD1.exe
- Size
  
  502KB
- MD5
  
  2e8dde7817c9438c831c39d470507dda
- SHA1
  
  34bc8c79ddf3960c9a6a6604e9d8293b685a2fc7
- SHA256
  
  8386ce0e691153f7de97e4903b8b9955beca49b1abfd1f3b5613a77f4073f4d8
- SHA512
  
  0eb6f58097cf7d13d996c50e74429a525899c8766666772707730685a19472e09c7a1a46de67065cd85f06701fe3678f40923b828cea67ed5efd703232ef2f67
- SSDEEP
  
  6144:RTEgdc0YWX7IxUpGREWVwGzubzjKlh/EKpxwQHocE0Db8F9v+xPo8hf3cTR3e:RTEgdfY3xUKwfb0Rxwk44O8hf3cde
Score

10^/10

quasar 8882 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasar8882spywaretrojan

behavioral2

quasar8882spywaretrojan

© 2018-2025

Terms | Privacy