quasar | aa2d99486c626b387ecc3878f14c7ae474b0f11baa16ba5099bfcbc8f91769e7 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

297KB
Sample

230608-q3vppafg65
MD5

93f801058bb061be32af8c525baea538
SHA1

b2351a923fb9cdaa8e99028dcb923bcbfbe3310f
SHA256

aa2d99486c626b387ecc3878f14c7ae474b0f11baa16ba5099bfcbc8f91769e7
SHA512

61cb9175c8842faf107f8794f312173bba25f3371549b10751f36d23ab56690924a473d5f5b91f778256be1c2e86db61956ee6f0e6c50a178b157e5393c31c73
SSDEEP

6144:OOiBrrr6ddrSm3+Nw+v/i7bbD/TVz/SnawT:4BruhOni7DBz/SnawT

Score

10^/10

quasar fbsystem spyware trojan

Static task

static1

fbsystem quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20230220-en

quasar fbsystem spyware trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20230221-en

quasar fbsystem spyware trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

fbsystem

C2

5.tcp.eu.ngrok.io:12819

Mutex

1285744062619928830

Attributes

encryption_key
QntjD0xW34hYkmLnJhDR
install_name
fbsystem.exe
log_directory
Logs
reconnect_delay
3000
startup_key
fbsystem
subdirectory
fbsystem

Targets

- Target
  
  Client-built.exe
- Size
  
  297KB
- MD5
  
  93f801058bb061be32af8c525baea538
- SHA1
  
  b2351a923fb9cdaa8e99028dcb923bcbfbe3310f
- SHA256
  
  aa2d99486c626b387ecc3878f14c7ae474b0f11baa16ba5099bfcbc8f91769e7
- SHA512
  
  61cb9175c8842faf107f8794f312173bba25f3371549b10751f36d23ab56690924a473d5f5b91f778256be1c2e86db61956ee6f0e6c50a178b157e5393c31c73
- SSDEEP
  
  6144:OOiBrrr6ddrSm3+Nw+v/i7bbD/TVz/SnawT:4BruhOni7DBz/SnawT
Score

10^/10

quasar fbsystem spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

quasarfbsystemspywaretrojan

behavioral2

quasarfbsystemspywaretrojan

© 2018-2024

Terms | Privacy