quasar | 101ca6d2527a7ccbbf730ecdf911bfb509a5705c75966f43b10fa7689b60306a | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.mp.exe

windows7-x64

Client-built.mp.exe

windows10-2004-x64

Sharing

General

Target

Client-built.mp.exe
Size

100.0MB
Sample

230604-rhphlscd56
MD5

7fa51dbc125354cb761cffe80bb9197d
SHA1

9eaf112b2c1071c7cb47701f858db113197fc5c1
SHA256

101ca6d2527a7ccbbf730ecdf911bfb509a5705c75966f43b10fa7689b60306a
SHA512

130c355dfce059f0d0587fcee12afc2195ed7187c36fe254c99b451237b8266494972106b507cefc387a7a368644527a83dff66b6b70f41a83e62c85fa2f34d5
SSDEEP

24576:W/uKMSmNn4nLuM2iyASjiOv7Qb7m9Bn78Y6jXANKWIwk52CvSa4JVxx:W/SNH5KanyEkW

Score

10^/10

quasar fbsystem spyware trojan

Static task

static1

fbsystem quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.mp.exe

Resource

win7-20230220-en

quasar fbsystem spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.mp.exe

Resource

win10v2004-20230220-en

quasar fbsystem spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

fbsystem

C2

bobbawb1000.duckdns.org:23092

Mutex

1285744062619928830

Attributes

encryption_key
DaKwT5hTDvGHU1fEyTZ3
install_name
fbsystem.exe
log_directory
Logs
reconnect_delay
3000
startup_key
fbsystem
subdirectory
fbsystem

Targets

- Target
  
  Client-built.mp.exe
- Size
  
  100.0MB
- MD5
  
  7fa51dbc125354cb761cffe80bb9197d
- SHA1
  
  9eaf112b2c1071c7cb47701f858db113197fc5c1
- SHA256
  
  101ca6d2527a7ccbbf730ecdf911bfb509a5705c75966f43b10fa7689b60306a
- SHA512
  
  130c355dfce059f0d0587fcee12afc2195ed7187c36fe254c99b451237b8266494972106b507cefc387a7a368644527a83dff66b6b70f41a83e62c85fa2f34d5
- SSDEEP
  
  24576:W/uKMSmNn4nLuM2iyASjiOv7Qb7m9Bn78Y6jXANKWIwk52CvSa4JVxx:W/SNH5KanyEkW
Score

10^/10

quasar fbsystem spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarfbsystemspywaretrojan

behavioral2

quasarfbsystemspywaretrojan

© 2018-2024

Terms | Privacy