quasar | d1051935a532ce6813099c06cc359aa1e02cb1f0e341583b3ec3253186e33a80 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

405KB
Sample

230604-qsjvfach8t
MD5

5d28f72d1aad116bab07c41530e7734a
SHA1

1b0a277f8bbb8dbee1e791cda8c134d138ce0c38
SHA256

d1051935a532ce6813099c06cc359aa1e02cb1f0e341583b3ec3253186e33a80
SHA512

39b9acaa7fbc7c6d1393d734cfec2fb3bda58abecaaed5b4c8d51cefc46e353fbbf5520ce6acb9ef2464ec1c529cc8ee4bad7b05a224caad1b1854087d2f807b
SSDEEP

6144:R+iBrrx0Bua4fRbLHp6t/ixYbaZZWstTC/2pQLrUwlYh:FBrP0hiHHtO/GWrUwlYh

Score

10^/10

quasar namesystem spyware trojan

Static task

static1

namesystem quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20230220-en

quasar namesystem spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20230220-en

quasar namesystem spyware trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

NameSystem

C2

bobbawb1000.duckdns.org:23092

Mutex

32m2kfpPHGN1CMuUm

Attributes

encryption_key
bhThH4m2frhSbvbgSILD
install_name
dirsys.exe
log_directory
Logs
reconnect_delay
3000
startup_key
dirsys
subdirectory
DirSys

Targets

- Target
  
  Client-built.exe
- Size
  
  405KB
- MD5
  
  5d28f72d1aad116bab07c41530e7734a
- SHA1
  
  1b0a277f8bbb8dbee1e791cda8c134d138ce0c38
- SHA256
  
  d1051935a532ce6813099c06cc359aa1e02cb1f0e341583b3ec3253186e33a80
- SHA512
  
  39b9acaa7fbc7c6d1393d734cfec2fb3bda58abecaaed5b4c8d51cefc46e353fbbf5520ce6acb9ef2464ec1c529cc8ee4bad7b05a224caad1b1854087d2f807b
- SSDEEP
  
  6144:R+iBrrx0Bua4fRbLHp6t/ixYbaZZWstTC/2pQLrUwlYh:FBrP0hiHHtO/GWrUwlYh
Score

10^/10

quasar namesystem spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

namesystemquasar

behavioral1

quasarnamesystemspywaretrojan

behavioral2

quasarnamesystemspywaretrojan

© 2018-2024

Terms | Privacy