quasar | ee8fe0d59eccb5a8eb288a57e6aea41dc2e5e4c95a25a434fd5e08155f321ea7 | Triage

Submit
Reports

Overview

overview

Static

static

SecurityHe...ay.exe

windows7-x64

SecurityHe...ay.exe

windows10-2004-x64

Sharing

General

Target

SecurityHealthSystray.exe
Size

353KB
Sample

230605-bdhw9seh6w
MD5

7a9add7e6f6fa0bd8df9a7ec2b8cfb2a
SHA1

011c64eb4445b1b2e5a4bebcd0aa72e993497e73
SHA256

ee8fe0d59eccb5a8eb288a57e6aea41dc2e5e4c95a25a434fd5e08155f321ea7
SHA512

0702f304f3bbc9a45111dd3069c9799176a8ecc5d97351fddd55f01b472e095602c72e8db813b1ee93017fb122aee2f4670288227a0cf4d7e6f1b6d6ea6c19ac
SSDEEP

6144:OuIDkAT6QSkszJqfj5D4dasv6ursybbIQyeZgoCR85fR7SwXnM:t6iksqDwYUPn5fRS8M

Score

10^/10

quasar discord retards spyware trojan

Static task

static1

discord retards quasar

3 signatures

Behavioral task

behavioral1

Sample

SecurityHealthSystray.exe

Resource

win7-20230220-en

quasar discord retards spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecurityHealthSystray.exe

Resource

win10v2004-20230220-en

quasar discord retards spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Discord Retards

C2

consider-brochure.at.ply.gg:27804

Mutex

QSR_MUTEX_yEihaOvZEzneMMUBSr

Attributes

encryption_key
X5HxVSWdjmOnUtl2t2X8
install_name
SercurityHealthSystray.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SecurityHealthSystray
subdirectory
SubDir

Targets

- Target
  
  SecurityHealthSystray.exe
- Size
  
  353KB
- MD5
  
  7a9add7e6f6fa0bd8df9a7ec2b8cfb2a
- SHA1
  
  011c64eb4445b1b2e5a4bebcd0aa72e993497e73
- SHA256
  
  ee8fe0d59eccb5a8eb288a57e6aea41dc2e5e4c95a25a434fd5e08155f321ea7
- SHA512
  
  0702f304f3bbc9a45111dd3069c9799176a8ecc5d97351fddd55f01b472e095602c72e8db813b1ee93017fb122aee2f4670288227a0cf4d7e6f1b6d6ea6c19ac
- SSDEEP
  
  6144:OuIDkAT6QSkszJqfj5D4dasv6ursybbIQyeZgoCR85fR7SwXnM:t6iksqDwYUPn5fRS8M
Score

10^/10

quasar discord retards spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

discord retardsquasar

behavioral1

quasardiscord retardsspywaretrojan

behavioral2

quasardiscord retardsspywaretrojan

© 2018-2024

Terms | Privacy