quasar | 8281d71efcdc4a31140455be8ea5bfe040064cc2d2b68ef1722ed65ce9e937de | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

OperaSetup.exe

windows10-1703-x64

OperaSetup.exe

windows10-2004-x64

Sharing

General

Target

OperaSetup.exe
Size

6.1MB
Sample

230804-lje3nsad26
MD5

0ce4fdaf85397833c486de4cee4bab26
SHA1

a80b5273a340e0ebc95ce8e1a643f7fc0347153c
SHA256

8281d71efcdc4a31140455be8ea5bfe040064cc2d2b68ef1722ed65ce9e937de
SHA512

d05f607ffc2cf6876022fce6c09fbf6b70c17a46a57c6fc29bf06784d0b2aaee9c2f27dbcb0ecb096d4af7d724f9d8553008e112095a7b252d7a0334fc3d99ac
SSDEEP

98304:BGh5ziNlRUaub+MPDrc/c+NmXnKyFrsqCRHIs2iTa2UUePNlcF134zJM7ts4J6:B3NlqaubXgUCqCdjmMJJ

Score

10^/10

quasar opera spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

OperaSetup.exe

Resource

win10-20230703-en

quasar opera spyware stealer trojan upx

windows10-1703-x64

15 signatures

1800 seconds

Behavioral task

behavioral2

Sample

OperaSetup.exe

Resource

win10v2004-20230703-en

quasar opera spyware stealer trojan upx

windows10-2004-x64

18 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Extracted

Family

quasar

Version

1.0

Botnet

Opera

C2

RomaPro28937723-49554.portmap.io:49554

Mutex

dbdeb9e2-1d62-453a-8c06-8a6bf4be3071

Attributes

encryption_key
8A2A7B58F2803115FF796E733C7311493928333B
install_name
launcher.exe
log_directory
Opera Logs
reconnect_delay
3000
startup_key
Opera Launcher
subdirectory
Opera Software

Targets

- Target
  
  OperaSetup.exe
- Size
  
  6.1MB
- MD5
  
  0ce4fdaf85397833c486de4cee4bab26
- SHA1
  
  a80b5273a340e0ebc95ce8e1a643f7fc0347153c
- SHA256
  
  8281d71efcdc4a31140455be8ea5bfe040064cc2d2b68ef1722ed65ce9e937de
- SHA512
  
  d05f607ffc2cf6876022fce6c09fbf6b70c17a46a57c6fc29bf06784d0b2aaee9c2f27dbcb0ecb096d4af7d724f9d8553008e112095a7b252d7a0334fc3d99ac
- SSDEEP
  
  98304:BGh5ziNlRUaub+MPDrc/c+NmXnKyFrsqCRHIs2iTa2UUePNlcF134zJM7ts4J6:B3NlqaubXgUCqCdjmMJJ
Score

10^/10

quasar opera spyware stealer trojan upx
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroperaspywarestealertrojanupx

behavioral2

quasaroperaspywarestealertrojanupx

© 2018-2025

Terms | Privacy