Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://download2302...

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://download2302.mediafire.com/yjhq10ixpjfgzkkYQwgqQ6R6f2gWVP2WU0emUe_o0Wrbi1mZZNp60odGSSQPx7OLjXe9C_7Ob_0EUfihikfA27lh6arXNV8yu92S_gLV0S6Ipdso6CSbqB4KRIzxosSsGntJlTm3S1QNOX835qyCSyyx4QcyILuf7WdoCmdNw2fAsw/ncw1btoynpsezya/Remover.bat

  • Sample

    230520-r8cxhafe3v

Score
10/10
quasarslavepersistencespywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Slave

C2

5.180.180.66:4782

Mutex

28d5f0ab-9c9d-4762-9e41-3c5ccbfcffae

Attributes
  • encryption_key

    5484AD7AC17743300FB1AC39869E7C36DF7762A0

  • install_name

    MicrosoftEdge.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Edge

  • subdirectory

    Edge

Targets

    • Target

      https://download2302.mediafire.com/yjhq10ixpjfgzkkYQwgqQ6R6f2gWVP2WU0emUe_o0Wrbi1mZZNp60odGSSQPx7OLjXe9C_7Ob_0EUfihikfA27lh6arXNV8yu92S_gLV0S6Ipdso6CSbqB4KRIzxosSsGntJlTm3S1QNOX835qyCSyyx4QcyILuf7WdoCmdNw2fAsw/ncw1btoynpsezya/Remover.bat

    Score
    10/10
    quasarslavepersistencespywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

4
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks