quasar | c1ed20f252eaa28ae2e5fc1bc08c60d9f6beccecf5ad1cb2e8278271c7acda59 | Triage

Submit
Reports

Overview

overview

Static

static

06470199.exe

windows7-x64

06470199.exe

windows10-2004-x64

Sharing

General

Target

06470199.dat
Size

3.1MB
Sample

230611-kgdamagg76
MD5

8164a3361f7bb473d898b796ec12d468
SHA1

71d2afe83bedb25eec78188ddc1385361c3d632f
SHA256

c1ed20f252eaa28ae2e5fc1bc08c60d9f6beccecf5ad1cb2e8278271c7acda59
SHA512

e50bec34cc54dcf4fad041277b53f33c1cad64ea4f9352bd2bc144a4b41514b1c33e32245b3385f15fe14019c11c741f167e884de519ea4b2cb6a78dd598421c
SSDEEP

49152:avct62XlaSFNWPjljiFa2RoUYI2YRJ60bR3LoGdWTHHB72eh2NT:avg62XlaSFNWPjljiFXRoUYI2YRJ6+

Score

10^/10

quasar ninjagram spyware trojan

Static task

static1

ninjagram quasar

3 signatures

Behavioral task

behavioral1

Sample

06470199.exe

Resource

win7-20230220-en

quasar ninjagram spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

06470199.exe

Resource

win10v2004-20230220-en

quasar ninjagram spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ninjagram

C2

nethttp.sytes.net:4782

Mutex

f04d3337-2e5e-4a42-bb35-8f2a600f118f

Attributes

encryption_key
D3749570795A041A5B9B7F71D15CD539096DC336
install_name
boot.exe
log_directory
security
reconnect_delay
1000
startup_key
services
subdirectory
winrn

Targets

- Target
  
  06470199.dat
- Size
  
  3.1MB
- MD5
  
  8164a3361f7bb473d898b796ec12d468
- SHA1
  
  71d2afe83bedb25eec78188ddc1385361c3d632f
- SHA256
  
  c1ed20f252eaa28ae2e5fc1bc08c60d9f6beccecf5ad1cb2e8278271c7acda59
- SHA512
  
  e50bec34cc54dcf4fad041277b53f33c1cad64ea4f9352bd2bc144a4b41514b1c33e32245b3385f15fe14019c11c741f167e884de519ea4b2cb6a78dd598421c
- SSDEEP
  
  49152:avct62XlaSFNWPjljiFa2RoUYI2YRJ60bR3LoGdWTHHB72eh2NT:avg62XlaSFNWPjljiFXRoUYI2YRJ6+
Score

10^/10

quasar ninjagram spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

ninjagramquasar

behavioral1

quasarninjagramspywaretrojan

behavioral2

quasarninjagramspywaretrojan

© 2018-2024

Terms | Privacy