quasar | 629d5530f275916f11c4d7c3cca65e7b456544241dc9c89990feaddcc43860d4

General

Target

Client.exe
Size

3.1MB
Sample

230731-bkb3asca49
MD5

d4e19c7f48db1703b342222223963b31
SHA1

b5017897555d0cceb0a60b9b09a68580d8e7657a
SHA256

629d5530f275916f11c4d7c3cca65e7b456544241dc9c89990feaddcc43860d4
SHA512

39a4f02df0e711bb1c5eb478dacbc62ec3ffe7302b8adcfcd72c44563dc2e2e1da0a5157d441ff5bc485809b13510b4fb0ea82c711ae228f71cf233586988eaf
SSDEEP

49152:jvdG42pda6D+/PjlLOlg6yQipVRC01JSLoGdoqTHHB72eh2NT:jv042pda6D+/PjlLOlZyQipVRCP

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Infected

C2

192.168.1.1:4782

192.168.1.66:4782

dark-crystal.at.ply.gg:4782

Mutex

ff410ede-beff-4970-8e12-7d251057f1fd

Attributes

encryption_key
1B172706DED462B59F2A5056AB06A8DD1EE8491B
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client.exe
- Size
  
  3.1MB
- MD5
  
  d4e19c7f48db1703b342222223963b31
- SHA1
  
  b5017897555d0cceb0a60b9b09a68580d8e7657a
- SHA256
  
  629d5530f275916f11c4d7c3cca65e7b456544241dc9c89990feaddcc43860d4
- SHA512
  
  39a4f02df0e711bb1c5eb478dacbc62ec3ffe7302b8adcfcd72c44563dc2e2e1da0a5157d441ff5bc485809b13510b4fb0ea82c711ae228f71cf233586988eaf
- SSDEEP
  
  49152:jvdG42pda6D+/PjlLOlg6yQipVRC01JSLoGdoqTHHB72eh2NT:jv042pda6D+/PjlLOlZyQipVRCP
Score

10^/10

quasar infected spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2