General

  • Target

    Quasar.v1.4.1.zip

  • Size

    3.3MB

  • Sample

    230527-16pb7adc48

  • MD5

    13aa4bf4f5ed1ac503c69470b1ede5c1

  • SHA1

    c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

  • SHA256

    4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

  • SHA512

    767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

  • SSDEEP

    49152:lYLmNgMh/9yUsRFeWMyYISDSwtfxZQNemi57PdHmeFINp/lFnsDbNFNepL6DJo+J:mL9U1yUUQykOQ91XFYBlR8P9d5uNJo9

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Attributes

    reconnect_delay: 5000

Targets

    • Target

      Quasar v1.4.1/3rdPartyLicenses/BouncyCastle_license.html

    • Size

      1KB

    • MD5

      bf8d5a737e70dd3493a475b8672f14df

    • SHA1

      01d35be1b65293f7ca43ee1045424599923ab54a

    • SHA256

      6b73c0a42d138d1f05b527c7b936e79af9f44a55d52e35f912da15c0dea43d30

    • SHA512

      ecc23ef88b80944ed135233118db167bf5dc161b0392af25ae846010f9993673bbdb62f88bf6de24dc060a48a0cfe96be261d30f5dac2705ed0f01d987fe24b8

    Score
    1/10
    • Target

      Quasar v1.4.1/BouncyCastle.Crypto.dll

    • Size

      3.2MB

    • MD5

      0cf454b6ed4d9e46bc40306421e4b800

    • SHA1

      9611aa929d35cbd86b87e40b628f60d5177d2411

    • SHA256

      e51721dc0647f4838b1abc592bd95fd8cb924716e8a64f83d4b947821fa1fa42

    • SHA512

      85262f1bc67a89911640f59a759b476b30ca644bd1a1d9cd3213cc8aae16d7cc6ea689815f19b146db1d26f7a75772ceb48e71e27940e3686a83eb2cf7e46048

    • SSDEEP

      49152:JIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9Y:6BbBWIgWljGxRB/LLY

    Score
    1/10
    • Target

      Quasar v1.4.1/Gma.System.MouseKeyHook.dll

    • Size

      56KB

    • MD5

      bfb3bd1cb571360435100bfa6ed2b997

    • SHA1

      1325e8dd76180a165117e04da4ee4a020e996880

    • SHA256

      a67a424013544c8270c12633e2e1e287cd5cf0b3f2e81e8d8204b37a03da59ef

    • SHA512

      ae5a88a9e86b9e64b8c289213f814586dfa5fe5e0cc21bdbc3e48c36d81fa9e763c6e78f24e40df07696228270ad72f408846125e61e33cae867ef8ff88a3c15

    • SSDEEP

      768:qYnDJGdu2oE3d7ltSl+Y8sCcm8Doi/L0CPw87qquEZ+r3FhuiFJ8G:VncoU48/AzPwYpNZ6rXJ8G

    Score
    1/10
    • Target

      Quasar v1.4.1/Mono.Cecil.Mdb.dll

    • Size

      42KB

    • MD5

      1c6aca0f1b1fa1661fc1e43c79334f7c

    • SHA1

      ec0f591a6d12e1ea7dc8714ec7e5ad7a04ef455d

    • SHA256

      411f8ed8c49738fa38a56ed8f991d556227d13602e83186e66ae1c4f821c940b

    • SHA512

      1c59e939d108f15881d29fe4ced4e5fa4a4476394b58b6eb464da77192cb8fe9221b7cd780af4596914d4cce7c3fc53f1bb567f944c58829de8efbe1fd87be76

    • SSDEEP

      768:Ar5EYZep98C87KHeBUZwrEzsEAnbF+em50KktmM4CRIcZwMRTIzMAtpw:Ar59g98C87KHeBUb5AnZG+zdwMRTzAtS

    Score
    1/10
    • Target

      Quasar v1.4.1/Mono.Cecil.Pdb.dll

    • Size

      87KB

    • MD5

      6d5eb860c2be5dbeb470e7d3f3e7dda4

    • SHA1

      80c76660b87c52127b1a7da48e27700f75362041

    • SHA256

      447ede1984bb4acd73bd97c0ec57a11c079cee8301c91fb199ca98c1906d3cc4

    • SHA512

      64cf4fe7de68a35720d2b9338ba9cf182e127d95d72d2ccf7ff5c73a368133663e70c988a460825fa87b2d03717a4447948d5262f56aceb7c3bf1cb3ab5a41a5

    • SSDEEP

      1536:2OCAsdBo+am5OMwr5IlALYKXgAJGsZhTjrjvjCXeO:ZCjta0OMuIlArVJGqT/jveXeO

    Score
    1/10
    • Target

      Quasar v1.4.1/Mono.Cecil.Rocks.dll

    • Size

      27KB

    • MD5

      6e7f0f4fff6c49e3f66127c23b7f1a53

    • SHA1

      14a529f8c7ee9f002d1e93dcf8ff158ab74c7e1a

    • SHA256

      2e2623319bdc362974a78ea4a43f4893011ec257884d24267f4594142fcd436e

    • SHA512

      0c773da6717dd6919cd6241d3cee26ab00bb61ea2dbeff24844a067af4c87ff5cbdb2fe3ada5db4707cee921b3fb353bd12ee22b8490597d4f67ad39bace235e

    • SSDEEP

      384:70ve8JOuJ5iC7n2NwxEXCni+VXcMeDz8PmR1ugLoaeuLMBG9UphJAprjE3uFLHa9:7+m4iCyrXOhG8uRssveum1pMFLHFBvd

    Score
    1/10
    • Target

      Quasar v1.4.1/Mono.Cecil.dll

    • Size

      350KB

    • MD5

      de69bb29d6a9dfb615a90df3580d63b1

    • SHA1

      74446b4dcc146ce61e5216bf7efac186adf7849b

    • SHA256

      f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

    • SHA512

      6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

    • SSDEEP

      6144:jIevdbLPNYe8bikm98KXPHhOWY/fFREomhUFD3z:se1PNL+QRfBg/f/EWFD

    Score
    1/10
    • Target

      Quasar v1.4.1/Open.Nat.dll

    • Size

      68KB

    • MD5

      cc6f6503d29a99f37b73bfd881de8ae0

    • SHA1

      92d3334898dbb718408f1f134fe2914ef666ce46

    • SHA256

      0b1e0d8f87f557b52315d98c1f4727e539f5120d20b4ca9edba548983213fbb5

    • SHA512

      7f4c0a35b612b864ad9bc6a46370801ed7433424791622bf77bf47d6a776cb6a49e4977b34725ead5d0feaa1c9516db2ca75cb8872c77a8f2fab6c37740b681f

    • SSDEEP

      768:sF6vHHLFkywkNh5qtHMjkCifoydVXw5FxusiolecziijiSvD+ZGFa4Pw6OdrGHUm:8GmyJNh0tbt3MLQ9W2rG0Ydd

    Score
    1/10
    • Target

      Quasar v1.4.1/Quasar.Common.dll

    • Size

      62KB

    • MD5

      2185564051ea2e046d9f711ed3cd93ff

    • SHA1

      2f2d7fd470da6d126582ad80df2802aabd6c9cea

    • SHA256

      de930a748e4dc08c851ba0a22afce8dcfd0f15f23b291f9306c8ef6ccd7460a2

    • SHA512

      00af241c1f89b478e66d758db26ed0a413b690d695abf91211b5cbc3985133632327ea0fc41140bd61d02271b6aa278a8e8f539d8ca6ce94972aef50c1a9c868

    • SSDEEP

      768:hiF6Vg9HIxFMu9brfp0kUEb9k/pUHRfp0YDpb4rILMgYY44YYXINk6I+QyIFLwSu:h9Nc7firfS0kE5Ia8I4Z

    Score
    1/10
    • Target

      Quasar v1.4.1/Quasar.exe

    • Size

      1.2MB

    • MD5

      12ebf922aa80d13f8887e4c8c5e7be83

    • SHA1

      7f87a80513e13efd45175e8f2511c2cd17ff51e8

    • SHA256

      43315abb9c8be9a39782bd8694a7ea9f16a867500dc804454d04b8bf2c15c51e

    • SHA512

      fda5071e15cf077d202b08db741bbfb3dbd815acc41deec7b7d44e055cac408e2f2de7233f8f9c5c618afd00ffc2fc4c6e8352cbdf18f9aab55d980dcb58a275

    • SSDEEP

      12288:IwPs012cBBBYiL9l/bFfpBBBBBBBBBBBBcA:jBBBYiLvzFfpBBBBBBBBBBBBcA

    Score
    10/10
    • Target

      Quasar v1.4.1/Quasar.exe.config

    • Size

      176B

    • MD5

      c8cd50e8472b71736e6543f5176a0c12

    • SHA1

      0bd6549820de5a07ac034777b3de60021121405e

    • SHA256

      b44739eeff82db2b575a45b668893e2fe8fdd24a709cbf0554732fd3520b2190

    • SHA512

      6e8f77fcca5968788cc9f73c9543ce9ab7b416372bc681093aa8a3aad43af1f06c56fcbc296c7897a3654b86a6f9d0e8b0fe036677cf290957924377bc177d9f

    Score
    1/10
    • Target

      Quasar v1.4.1/Vestris.ResourceLib.dll

    • Size

      76KB

    • MD5

      944ce5123c94c66a50376e7b37e3a6a6

    • SHA1

      a1936ac79c987a5ba47ca3d023f740401f73529b

    • SHA256

      7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a

    • SHA512

      4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b

    • SSDEEP

      1536:CSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7:CJYD0Z9FGu11teI1r9ea3

    Score
    1/10
    • Target

      Quasar v1.4.1/client.bin

    • Size

      3.1MB

    • MD5

      f4d16cfe4cad388255e43f258329f805

    • SHA1

      fe7cc6c9eb76b5ad97867b46d053fae601fd4a2d

    • SHA256

      8fb6ae3496d4ac025eab443d3e322b0faa3461d25b54093c9205d35746e3250e

    • SHA512

      867045eac0f7765e6bea51e62bc4ed68b1e81ce6c2843d2e08714eb391a8ac94c2571c09828286252248400ea5c12bffa50a25c8ec5ad9e6d0bb836320ec188f

    • SSDEEP

      49152:4nb7+y2FqZaVmN+PqlhU/mevlL1nYtsCeAcxUuxG2THHB72eh2NT:4nf+y2FqZaVmN+PqlhU//vlL1Yts3Bx

    Score
    10/10
    • Target

      Quasar v1.4.1/protobuf-net.dll

    • Size

      282KB

    • MD5

      abc82ae4f579a0bbfa2a93db1486eb38

    • SHA1

      faa645b92e3de7037c23e99dd2101ef3da5756e5

    • SHA256

      ca6608346291ec82ee4acf8017c90e72db2ee7598015f695120c328d25319ec6

    • SHA512

      e06ee564fdd3fe2e26b0dec744a969a94e4b63a2e37692a7dcc244cb7949b584d895e9d3766ea52c9fe72b7a31dacf4551f86ea0d7c987b80903ff43be9faed3

    • SSDEEP

      3072:yRAISQ1tRSVB3zpKTEPn6Rc0qus/6GMzzeSXLifsE2s58IB7aoqng5YnDBzs39AH:yRFD1niy6n6KwhO5mIYpnNzgGD0u

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 3

Discovery

  • System Information Discovery (T1082): 2

  • Query Registry (T1012): 2
