quasar | 3f88f0443415341f4807693ead6bcd3be97d7437ba10d01f7b4969dc4ca53a3c | Triage

Submit
Reports

Overview

overview

Static

static

3

81fe02b22a...dd.exe

windows7-x64

81fe02b22a...dd.exe

windows10-2004-x64

5

Sharing

General

Target

81fe02b22a1c5d7d2f58071929b4c6dd.exe
Size

1.8MB
Sample

230614-ekmqksch43
MD5

81fe02b22a1c5d7d2f58071929b4c6dd
SHA1

12d91d12d4e7d0475b815683bbaf6311a4c5deb5
SHA256

3f88f0443415341f4807693ead6bcd3be97d7437ba10d01f7b4969dc4ca53a3c
SHA512

02846ca21b8837a52a3f8ec47d781b7e9e38764176aeb085b2db05ff2a3c2469ca084c195cf00a99f469c586420fc82192ff4ec3a7bbb0965a5724b52bb98d48
SSDEEP

12288:wG+i1cTob5rpXuEq++p6xG5ssxODepysgSk9DyL1HUyIP9IylT8rhke6nuRs9U51:wrkcG+p6U5U8ae6n+5OaKdWq2o14

Score

10^/10

quasar 202 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

81fe02b22a1c5d7d2f58071929b4c6dd.exe

Resource

win7-20230220-en

quasar 202 spyware trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

81fe02b22a1c5d7d2f58071929b4c6dd.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

202

C2

windows10-11.ddnsfree.com:5552

windows10-11.ddns.net:5552

Mutex

QSR_MUTEX_boxEKxe8a0LoR2kBL1

Attributes

encryption_key
KuJ4t6tq6AQ5l33A3aYj
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  81fe02b22a1c5d7d2f58071929b4c6dd.exe
- Size
  
  1.8MB
- MD5
  
  81fe02b22a1c5d7d2f58071929b4c6dd
- SHA1
  
  12d91d12d4e7d0475b815683bbaf6311a4c5deb5
- SHA256
  
  3f88f0443415341f4807693ead6bcd3be97d7437ba10d01f7b4969dc4ca53a3c
- SHA512
  
  02846ca21b8837a52a3f8ec47d781b7e9e38764176aeb085b2db05ff2a3c2469ca084c195cf00a99f469c586420fc82192ff4ec3a7bbb0965a5724b52bb98d48
- SSDEEP
  
  12288:wG+i1cTob5rpXuEq++p6xG5ssxODepysgSk9DyL1HUyIP9IylT8rhke6nuRs9U51:wrkcG+p6U5U8ae6n+5OaKdWq2o14
Score

10^/10

quasar 202 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasar202spywaretrojan

behavioral2

© 2018-2024

Terms | Privacy