quasar | f34f7d8f9488ce6e2438c88f64d262b0529a25519c3ecb947fa28147a81507d8 | Triage

Submit
Reports

Overview

overview

Static

static

F34F7D8F94...EC.exe

windows7-x64

F34F7D8F94...EC.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

F34F7D8F9488CE6E2438C88F64D262B0529A25519C3EC.exe
Size

502KB
Sample

230415-vwz32sgd9y
MD5

797722758bc54671176f4ae1894e403a
SHA1

5cac11545515f1452614297a41e18411f083eac6
SHA256

f34f7d8f9488ce6e2438c88f64d262b0529a25519c3ecb947fa28147a81507d8
SHA512

dac39d79388f8d39ebc894f10a33683daead08f658ab3eae9eb969dc21c3b469d05f078a9b36ae12aebb019cbe3f15e203fe6ee24a706ac62183b2b251ab1938
SSDEEP

12288:PTEgdfYvdo6ngiDp4kyw5mpG4W8UecdT:4UwVH/pyw5mpOEcdT

Score

10^/10

quasar ctfmon spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

F34F7D8F9488CE6E2438C88F64D262B0529A25519C3EC.exe

Resource

win7-20230220-en

quasar ctfmon spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

F34F7D8F9488CE6E2438C88F64D262B0529A25519C3EC.exe

Resource

win10v2004-20230220-en

quasar ctfmon spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

ctfmon

C2

firewall.trustedvpnservices.com:39583

Mutex

3b144aca-60f9-4bcb-b4a6-716e4a5e2f1c

Attributes

encryption_key
3237D2016D901477C3F2D8FDF94D0482E3E52621
install_name
ctfmon.exe
log_directory
Logs
reconnect_delay
3000
startup_key
ctfmon
subdirectory
Microsoft\Windows\Start Menu\Programs\Startup

Targets

- Target
  
  F34F7D8F9488CE6E2438C88F64D262B0529A25519C3EC.exe
- Size
  
  502KB
- MD5
  
  797722758bc54671176f4ae1894e403a
- SHA1
  
  5cac11545515f1452614297a41e18411f083eac6
- SHA256
  
  f34f7d8f9488ce6e2438c88f64d262b0529a25519c3ecb947fa28147a81507d8
- SHA512
  
  dac39d79388f8d39ebc894f10a33683daead08f658ab3eae9eb969dc21c3b469d05f078a9b36ae12aebb019cbe3f15e203fe6ee24a706ac62183b2b251ab1938
- SSDEEP
  
  12288:PTEgdfYvdo6ngiDp4kyw5mpG4W8UecdT:4UwVH/pyw5mpOEcdT
Score

10^/10

quasar ctfmon spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarctfmonspywaretrojan

behavioral2

quasarctfmonspywaretrojan

© 2018-2025

Terms | Privacy