quasar | d5872aec821628ddcdf5276cc043041713dbbf44aeeb34e70158f176613887ec | Triage

Submit
Reports

Overview

overview

Static

static

3

da0302e080...78.exe

windows7-x64

da0302e080...78.exe

windows10-2004-x64

Resubmissions

14-06-2023 12:39

230614-pvp9kaha59 10

13-06-2023 10:39

230613-mpyyeafg83 10

Sharing

General

Target

da0302e0803f64dcdb60454a87f9bf78.exe
Size

528KB
Sample

230613-mpyyeafg83
MD5

da0302e0803f64dcdb60454a87f9bf78
SHA1

243a5df7c15062adeb9a6a4c009b2813d91ca2e7
SHA256

d5872aec821628ddcdf5276cc043041713dbbf44aeeb34e70158f176613887ec
SHA512

fc253e2b891429d7e7893a0bc7b53d0e6cb7dd8f925a68c2781c2c1e110080c8c496c8fe511476e291df63ed8ff0a1055781ca764edba504e0bc48048faa9653
SSDEEP

12288:M6kit4htKxmmnYZ3oHp5EAUVb8k7BsSJMSA5O71:M6kJtE75XzWQk7BsTN

Score

10^/10

quasar newcrypt spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

da0302e0803f64dcdb60454a87f9bf78.exe

Resource

win7-20230220-en

quasar newcrypt spyware trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

da0302e0803f64dcdb60454a87f9bf78.exe

Resource

win10v2004-20230220-en

quasar newcrypt spyware trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

newcrypt

C2

103.136.199.131:4782

158.247.227.231:4782

Mutex

973aa178-3f17-48ed-b33e-52dd11425768

Attributes

encryption_key
3E9E141AD83C5BD6CE91880C0E256E15401EC674
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Google Chrome Updater
subdirectory
SubDir

Targets

- Target
  
  da0302e0803f64dcdb60454a87f9bf78.exe
- Size
  
  528KB
- MD5
  
  da0302e0803f64dcdb60454a87f9bf78
- SHA1
  
  243a5df7c15062adeb9a6a4c009b2813d91ca2e7
- SHA256
  
  d5872aec821628ddcdf5276cc043041713dbbf44aeeb34e70158f176613887ec
- SHA512
  
  fc253e2b891429d7e7893a0bc7b53d0e6cb7dd8f925a68c2781c2c1e110080c8c496c8fe511476e291df63ed8ff0a1055781ca764edba504e0bc48048faa9653
- SSDEEP
  
  12288:M6kit4htKxmmnYZ3oHp5EAUVb8k7BsSJMSA5O71:M6kJtE75XzWQk7BsTN
Score

10^/10

quasar newcrypt spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarnewcryptspywaretrojan

behavioral2

quasarnewcryptspywaretrojan

© 2018-2024

Terms | Privacy