quasar | 75314603ad6007bb6f475f35e4b45871bdefb815f0f8128c3fe279a10bd19e3f | Triage

Sharing

General

Target

Sevkiyat-Bilgisi_1.gz.zip
Size

1.1MB
Sample

230711-qf3rsaac5w
MD5

6b833067a2083e23f29b71edf087c0ee
SHA1

08006d5655bf2dcb340faec1e66e4650cf2cf19e
SHA256

75314603ad6007bb6f475f35e4b45871bdefb815f0f8128c3fe279a10bd19e3f
SHA512

4722a786ec72f209ab9e7d56d09aa323dacf94f6183d40f95d81f74a47287cd559183e91b15e7bb524502f617805f1fc402855716ec3eb3ea940e63b7ef23764
SSDEEP

24576:Hq3wkG/JOqbMWD7kaSP6L7Z8J5XCtC5Mccq97n5irp+fC:Hq3w7/mEwGL7ZYoC5MO58oa

Score

10^/10

quasar kbop spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

KBop

C2

kolptyubeatcam.sytes.net:64594

fronpeatcam.publicvm.com:64595

fronadeatcam.publicvm.com:64595

fronadeatcam.sytes.net:64595

Mutex

QSR_MUTEX_z6cdb40DnEoyUzOwXW

Attributes

encryption_key
jem6XrSkWxQgjosAOUlN
install_name
jres.exe
log_directory
Logs
reconnect_delay
3000
startup_key
jdm
subdirectory
oilk

Targets

- Target
  
  Sevkiyat-Bilgisi..com
- Size
  
  1.4MB
- MD5
  
  35978426c438be50ff71a09d303054e3
- SHA1
  
  99a8f137febd7a34cdcd6f3f867a02666cdb35be
- SHA256
  
  866b5bcc067af55b26fae2013af4310fb27381a585e720a1dd39c722f1a18c19
- SHA512
  
  5f1b82c685f8744c38d01e85c4f7a865cd54686c062e4de83f80bac46b3e0007ee571d5ee564a22aec60ea81c9e21b50f554f7e046e7a126d93214ad54b1097b
- SSDEEP
  
  24576:CNA3R5drXP/2ai/O+Bo2DxkmgP6L7Z8D5b2bM5MccqBhn1urp+Cq:b53V1kioL7ZccM5M214od
Score

10^/10

quasar kbop spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarkbopspywaretrojan

behavioral2

quasarkbopspywaretrojan