quasar | 68f2127ca5e808474139b66d145a3cc539c81b98d199e66e40e2d8ebc539fb6f | Triage

Submit
Reports

Overview

overview

Static

static

1

68f2127ca5...6f.chm

windows7-x64

1

68f2127ca5...6f.chm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

68f2127ca5e808474139b66d145a3cc539c81b98d199e66e40e2d8ebc539fb6f.chm
Size

11KB
Sample

230710-hj3xyshh6s
MD5

cbf4a64e3ac80ffc592c0a5a109d6cb2
SHA1

63d3ce3fe2e5a54a37bbb5059ec9884212ca6240
SHA256

68f2127ca5e808474139b66d145a3cc539c81b98d199e66e40e2d8ebc539fb6f
SHA512

cce778149ac0d86e681f1f3e2912d668aebc74a02df82a5eb1f968c23a69a9aebc1cea243ae50d89898604a17542688b34822a9fa0d9a0885869cad8a53ac383
SSDEEP

96:Mg14WHmLKd7Kw7GK6Q46bvuY3VKdmq83hWw3IOqdEy:MgPGLSKc6lsxVKdp83hWw3c

Score

10^/10

quasar spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

68f2127ca5e808474139b66d145a3cc539c81b98d199e66e40e2d8ebc539fb6f.chm

Resource

win7-20230705-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

68f2127ca5e808474139b66d145a3cc539c81b98d199e66e40e2d8ebc539fb6f.chm

Resource

win10v2004-20230703-en

quasar spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  68f2127ca5e808474139b66d145a3cc539c81b98d199e66e40e2d8ebc539fb6f.chm
- Size
  
  11KB
- MD5
  
  cbf4a64e3ac80ffc592c0a5a109d6cb2
- SHA1
  
  63d3ce3fe2e5a54a37bbb5059ec9884212ca6240
- SHA256
  
  68f2127ca5e808474139b66d145a3cc539c81b98d199e66e40e2d8ebc539fb6f
- SHA512
  
  cce778149ac0d86e681f1f3e2912d668aebc74a02df82a5eb1f968c23a69a9aebc1cea243ae50d89898604a17542688b34822a9fa0d9a0885869cad8a53ac383
- SSDEEP
  
  96:Mg14WHmLKd7Kw7GK6Q46bvuY3VKdmq83hWw3IOqdEy:MgPGLSKc6lsxVKdp83hWw3c
Score

10^/10

quasar spyware trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarspywaretrojan

© 2018-2025

Terms | Privacy