quasar | 1c041ceec32a88f14ba0705059598af65206ab7a61abff23b012b95928890d59 | Triage

Submit
Reports

Overview

overview

Static

static

OperaSetup.exe

windows7-x64

OperaSetup.exe

windows10-1703-x64

OperaSetup.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

OperaSetup.exe
Size

6.1MB
Sample

230802-k21xesfa3z
MD5

187340d0966252e19cd25234908be33d
SHA1

47d9e8f4be1f2cb8dc9e979ce17344b2a906de4e
SHA256

1c041ceec32a88f14ba0705059598af65206ab7a61abff23b012b95928890d59
SHA512

7f63b5567ef65b3aa98331f27699b3f88f0ed3f793567427998770d185a80714b1a74d3ea6492ab3456df2f1f59c498032d07eaa41751c3cd29e02dbd8e90853
SSDEEP

98304:gGh5ziNlRUaub+MPDrc/c+NmXnKyFrsqC4HIs2iTa2UUePNlcF134zJM70TR16r:g3NlqaubXgUCqCmjmMii

Score

10^/10

quasar opera spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

OperaSetup.exe

Resource

win7-20230712-en

quasar opera spyware stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

OperaSetup.exe

Resource

win10-20230703-en

quasar opera spyware stealer trojan upx

windows10-1703-x64

15 signatures

150 seconds

Behavioral task

behavioral3

Sample

OperaSetup.exe

Resource

win10v2004-20230703-en

quasar opera spyware stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Extracted

Family

quasar

Version

1.0

Botnet

Opera

C2

RomaPro28937723-49554.portmap.io:49554

Mutex

dbdeb9e2-1d62-453a-8c06-8a6bf4be3071

Attributes

encryption_key
8A2A7B58F2803115FF796E733C7311493928333B
install_name
launcher.exe
log_directory
Opera Logs
reconnect_delay
3000
startup_key
Opera Launcher
subdirectory
Opera Software

Targets

- Target
  
  OperaSetup.exe
- Size
  
  6.1MB
- MD5
  
  187340d0966252e19cd25234908be33d
- SHA1
  
  47d9e8f4be1f2cb8dc9e979ce17344b2a906de4e
- SHA256
  
  1c041ceec32a88f14ba0705059598af65206ab7a61abff23b012b95928890d59
- SHA512
  
  7f63b5567ef65b3aa98331f27699b3f88f0ed3f793567427998770d185a80714b1a74d3ea6492ab3456df2f1f59c498032d07eaa41751c3cd29e02dbd8e90853
- SSDEEP
  
  98304:gGh5ziNlRUaub+MPDrc/c+NmXnKyFrsqC4HIs2iTa2UUePNlcF134zJM70TR16r:g3NlqaubXgUCqCmjmMii
Score

10^/10

quasar opera spyware stealer trojan upx
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroperaspywarestealertrojanupx

behavioral2

quasaroperaspywarestealertrojanupx

behavioral3

quasaroperaspywarestealertrojanupx

© 2018-2025

Terms | Privacy