quasar | cfba9dab9282455d194d30dad7eac6cfc5c8e5d6caf94d631ed2b01a86e3a97f | Triage

Submit
Reports

Overview

overview

Static

static

03735699.exe

windows7-x64

03735699.exe

windows10-2004-x64

Sharing

General

Target

03735699.exe
Size

2.8MB
Sample

230609-hyya1sbc92
MD5

ae2bc99fa3d39c5ce41fc2f5daf84492
SHA1

a2ded46cf05a9b990b18e041a2ec38b1b99a8718
SHA256

cfba9dab9282455d194d30dad7eac6cfc5c8e5d6caf94d631ed2b01a86e3a97f
SHA512

9616fd2a628a73bed15afc97814f4a12a3498be3d2f97a5e14a5f89160e9d5e7aae98d1314d7e2ece85ee7947ea749b3f2bfb0083bbf769f2c94a74a25401628
SSDEEP

49152:V0quZIhnwj8O/1ERxfzWOe4ZS7jVNtYNXUfRza32ehyfTlm:V0fZIhnwj88+RxfzWOe4ZS7jVNtK

Score

10^/10

quasar fsociety spyware trojan

Static task

static1

fsociety quasar

3 signatures

Behavioral task

behavioral1

Sample

03735699.exe

Resource

win7-20230220-en

quasar fsociety spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

03735699.exe

Resource

win10v2004-20230220-en

quasar fsociety spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Fsociety

C2

fsociety-router.asuscomm.com:13370

Mutex

4abe4f84-d0fa-4832-b705-2ccf4ff28cfe

Attributes

encryption_key
708FB54995DD321787A3B701157DF38D224E8701
install_name
GzrClient.exe
log_directory
Logs
reconnect_delay
3000
startup_key
QZR Startup
subdirectory
GZR

Targets

- Target
  
  03735699.exe
- Size
  
  2.8MB
- MD5
  
  ae2bc99fa3d39c5ce41fc2f5daf84492
- SHA1
  
  a2ded46cf05a9b990b18e041a2ec38b1b99a8718
- SHA256
  
  cfba9dab9282455d194d30dad7eac6cfc5c8e5d6caf94d631ed2b01a86e3a97f
- SHA512
  
  9616fd2a628a73bed15afc97814f4a12a3498be3d2f97a5e14a5f89160e9d5e7aae98d1314d7e2ece85ee7947ea749b3f2bfb0083bbf769f2c94a74a25401628
- SSDEEP
  
  49152:V0quZIhnwj8O/1ERxfzWOe4ZS7jVNtYNXUfRza32ehyfTlm:V0fZIhnwj88+RxfzWOe4ZS7jVNtK
Score

10^/10

quasar fsociety spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasarfsocietyspywaretrojan

behavioral2

quasarfsocietyspywaretrojan

© 2018-2024

Terms | Privacy