quasar | c226b13ea5921343c742ea33df610ade6eba2dadae990b6e9c83be783f7990c7 | Triage

Submit
Reports

Overview

overview

Static

static

1

KolmiFix.exe

windows7-x64

1

KolmiFix.exe

windows10-2004-x64

Sharing

General

Target

KolmiFix.exe
Size

17KB
Sample

230403-qcgedaeh76
MD5

6848af88e476c5d9a324497e75adf6ac
SHA1

b1179f55827d2d363b21eab7212a185c65391735
SHA256

c226b13ea5921343c742ea33df610ade6eba2dadae990b6e9c83be783f7990c7
SHA512

d6486e7832fa5162f2f52c4cd3f3ed85b7655cea4af72ff66abeb28bbadc4d14dd29792ee417a0f6b9ad8c5ec116473208cebadeb586f6a194f348f970163a31
SSDEEP

384:pQP+u6A3q724S9ozb1cj/0tOI/V0gpn2qxxwE0QXNVlRfJXNnPpf6CSusRfen:pYt6bb1cz0tOI/V0gpn2qxxwE33bPhbz

Score

10^/10

quasar windows11 bootkit persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

KolmiFix.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

KolmiFix.exe

Resource

win10v2004-20230221-en

quasar windows11 bootkit persistence spyware trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Windows11

C2

192.168.1.170:4782

Mutex

2340864e-f432-4ace-82d7-18f1f0e03221

Attributes

encryption_key
BFEEE33DB9AE972CC7CC49227AC88BA26A4D8993
install_name
Windows11.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
WindowsUpdater

Targets

- Target
  
  KolmiFix.exe
- Size
  
  17KB
- MD5
  
  6848af88e476c5d9a324497e75adf6ac
- SHA1
  
  b1179f55827d2d363b21eab7212a185c65391735
- SHA256
  
  c226b13ea5921343c742ea33df610ade6eba2dadae990b6e9c83be783f7990c7
- SHA512
  
  d6486e7832fa5162f2f52c4cd3f3ed85b7655cea4af72ff66abeb28bbadc4d14dd29792ee417a0f6b9ad8c5ec116473208cebadeb586f6a194f348f970163a31
- SSDEEP
  
  384:pQP+u6A3q724S9ozb1cj/0tOI/V0gpn2qxxwE0QXNVlRfJXNnPpf6CSusRfen:pYt6bb1cz0tOI/V0gpn2qxxwE33bPhbz
Score

10^/10

quasar windows11 bootkit persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarwindows11bootkitpersistencespywaretrojan

© 2018-2024

Terms | Privacy