quasar | a5d114be9a4e5f601a6d855b25b7e206d60f55f9a605ad1c8ebafd964fa1ed70 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

230530-r91pysab78
MD5

59821db4fc3efdd9d78185a16efa5917
SHA1

9a53b49c3e42a83e6833c0da4107bae862b4d6b9
SHA256

a5d114be9a4e5f601a6d855b25b7e206d60f55f9a605ad1c8ebafd964fa1ed70
SHA512

d3d0f978a50edbe669b68ece5ba183b75bcfa701185370682227501daf643ee08fa22f7e540f00c604459f986b73e11601401c11ed48b8f50ed5fe848af4fd29
SSDEEP

49152:0v/t62XlaSFNWPjljiFa2RoUYI+ZyP+vEVTHHB72eh2NT:0vV62XlaSFNWPjljiFXRoUYI+Zi

Score

10^/10

quasar bob681 spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20230220-en

quasar bob681 spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20230220-en

quasar bob681 spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Bob681

C2

181.215.176.73:59955

Mutex

4a19a6ac-9ac6-4cbd-ab2f-1e469ebe93aa

Attributes

encryption_key
01A024E271E79DC5F555EC503C0E2AB6090246F2
install_name
repl.exe
log_directory
Logs
reconnect_delay
3000
startup_key
replstart
subdirectory
repl

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  59821db4fc3efdd9d78185a16efa5917
- SHA1
  
  9a53b49c3e42a83e6833c0da4107bae862b4d6b9
- SHA256
  
  a5d114be9a4e5f601a6d855b25b7e206d60f55f9a605ad1c8ebafd964fa1ed70
- SHA512
  
  d3d0f978a50edbe669b68ece5ba183b75bcfa701185370682227501daf643ee08fa22f7e540f00c604459f986b73e11601401c11ed48b8f50ed5fe848af4fd29
- SSDEEP
  
  49152:0v/t62XlaSFNWPjljiFa2RoUYI+ZyP+vEVTHHB72eh2NT:0vV62XlaSFNWPjljiFXRoUYI+Zi
Score

10^/10

quasar bob681 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarbob681spywaretrojan

behavioral2

quasarbob681spywaretrojan

© 2018-2024

Terms | Privacy