quasar | 3c22aced502398a94ad0c44fbdb1eb78e96a500e39af497ff6c7a9f9c512ef25 | Triage

Submit
Reports

Overview

overview

Static

static

1

Remover.bat

windows7-x64

1

Remover.bat

windows10-2004-x64

Sharing

General

Target

Remover.bat
Size

4.4MB
Sample

230520-tq5kxafh6w
MD5

f3aa3ff4c657d03f217b05e3de5cfe0f
SHA1

f39fe9fecd327901aceb32d55979fb49300a907a
SHA256

3c22aced502398a94ad0c44fbdb1eb78e96a500e39af497ff6c7a9f9c512ef25
SHA512

99ef3dba1ccd41f4284a2026edd400acff7ec0fb13652e8da71a17417a2c7ed571a227559b3f7b5991f7aa79cd883d14cd6cf17582095633597ed826ffcdd637
SSDEEP

24576:DuFAc9dtV23GygMMgqMPGBpQdLZF4VxNB6bu6T4Llm8H2fNjx/YNcQq3NON5BOze:ppgMlWQojUWxw94oa

Score

10^/10

quasar slave spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Remover.bat

Resource

win7-20230220-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Remover.bat

Resource

win10v2004-20230221-en

quasar slave spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Slave

C2

5.180.180.66:4782

Mutex

28d5f0ab-9c9d-4762-9e41-3c5ccbfcffae

Attributes

encryption_key
5484AD7AC17743300FB1AC39869E7C36DF7762A0
install_name
MicrosoftEdge.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Edge
subdirectory
Edge

Targets

- Target
  
  Remover.bat
- Size
  
  4.4MB
- MD5
  
  f3aa3ff4c657d03f217b05e3de5cfe0f
- SHA1
  
  f39fe9fecd327901aceb32d55979fb49300a907a
- SHA256
  
  3c22aced502398a94ad0c44fbdb1eb78e96a500e39af497ff6c7a9f9c512ef25
- SHA512
  
  99ef3dba1ccd41f4284a2026edd400acff7ec0fb13652e8da71a17417a2c7ed571a227559b3f7b5991f7aa79cd883d14cd6cf17582095633597ed826ffcdd637
- SSDEEP
  
  24576:DuFAc9dtV23GygMMgqMPGBpQdLZF4VxNB6bu6T4Llm8H2fNjx/YNcQq3NON5BOze:ppgMlWQojUWxw94oa
Score

10^/10

quasar slave spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

quasarslavespywaretrojan

© 2018-2024

Terms | Privacy