quasar | ed4cbfe246783bd7a7d124ac8f67e208f968a805264c3c6883fe77ac8fc4e72c | Triage

Submit
Reports

Overview

overview

Static

static

OperaSetup.exe

windows7-x64

Sharing

Copy URL Twitter E-mail

General

Target

OperaSetup.exe
Size

6.0MB
Sample

230723-memsdsed8v
MD5

6e9a5eb6cf78a859c57f941b97e1fa15
SHA1

8c7fa34eb9536c54bdb49939881a5010cd33eb9b
SHA256

ed4cbfe246783bd7a7d124ac8f67e208f968a805264c3c6883fe77ac8fc4e72c
SHA512

e8a72ba8b33a480b391a739c2bfef12bbe2e933deb70851de60c940bce353c12dea5070e5ed2d2effc405a9ad49dc62afac23bd1685a27e7f2907bdd72eeba64
SSDEEP

98304:jGh5ziNlRUaub+MPDrc/c+NmXnKyFrsqCdvE62XlaSFNWPjljiFXRoUYIB4dB:j3NlqaubXgUCqCRcZYnB

Score

10^/10

quasar opera spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

OperaSetup.exe

Resource

win7-20230712-en

quasar opera spyware stealer trojan upx

windows7-x64

17 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Extracted

Family

quasar

Version

1.4.1

Botnet

Opera

C2

6.tcp.eu.ngrok.io:19271

Mutex

feb69ae7-695d-40ed-89a2-04ef8bd51b77

Attributes

encryption_key
BE406BCA39FA7E9CE29EAD78E1350B24413E24BF
install_name
launcher.exe
log_directory
Opera Logs
reconnect_delay
3000
startup_key
Opera Launcher
subdirectory
Opera Software

Targets

- Target
  
  OperaSetup.exe
- Size
  
  6.0MB
- MD5
  
  6e9a5eb6cf78a859c57f941b97e1fa15
- SHA1
  
  8c7fa34eb9536c54bdb49939881a5010cd33eb9b
- SHA256
  
  ed4cbfe246783bd7a7d124ac8f67e208f968a805264c3c6883fe77ac8fc4e72c
- SHA512
  
  e8a72ba8b33a480b391a739c2bfef12bbe2e933deb70851de60c940bce353c12dea5070e5ed2d2effc405a9ad49dc62afac23bd1685a27e7f2907bdd72eeba64
- SSDEEP
  
  98304:jGh5ziNlRUaub+MPDrc/c+NmXnKyFrsqCdvE62XlaSFNWPjljiFXRoUYIB4dB:j3NlqaubXgUCqCRcZYnB
Score

10^/10

quasar opera spyware stealer trojan upx
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroperaspywarestealertrojanupx

© 2018-2025

Terms | Privacy