Malware Analysis Report

2025-08-05 14:10

Sample ID 230816-lhxlbsbg91
Target test.exe
SHA256 781ecb1f7366bf4ae82fc447898d1ec82f49a48787dff6b0bfb9a0f69e85c354
Tags office quasar spyware stealer trojan
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 781ecb1f7366bf4ae82fc447898d1ec82f49a48787dff6b0bfb9a0f69e85c354

Threat Level: Known bad

The file test.exe was found to be: Known bad.

Malicious Activity Summary

office quasar spyware stealer trojan

Quasar family

Quasar RAT

Quasar payload

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-08-16 09:32

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-08-16 09:32
Reported: 2023-08-16 09:58
Platform: win10-20230703-en
Max time kernel: 1544s
Max time network: 1554s

Command Line

"C:\Users\Admin\AppData\Local\Temp\test.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A (56 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\test.exe

"C:\Users\Admin\AppData\Local\Temp\test.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 191.67.124.3.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 ipwho.is udp
CA 108.181.98.179:443 ipwho.is tcp
US 8.8.8.8:53 179.98.181.108.in-addr.arpa udp
US 8.8.8.8:53 38.148.119.40.in-addr.arpa udp
US 8.8.8.8:53 153.141.79.40.in-addr.arpa udp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 168.188.125.3.in-addr.arpa udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 131.111.157.35.in-addr.arpa udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 232.56.68.3.in-addr.arpa udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 214.224.126.3.in-addr.arpa udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp

Files

memory/4956-122-0x0000000000A20000-0x0000000000D44000-memory.dmp

memory/4956-123-0x00007FFD6FDF0000-0x00007FFD707DC000-memory.dmp

memory/4956-124-0x000000001B990000-0x000000001B9A0000-memory.dmp

memory/4956-125-0x000000001BCA0000-0x000000001BCF0000-memory.dmp

memory/4956-126-0x000000001BDB0000-0x000000001BE62000-memory.dmp

memory/4956-129-0x000000001B960000-0x000000001B972000-memory.dmp

memory/4956-130-0x000000001BD30000-0x000000001BD6E000-memory.dmp

memory/4956-131-0x00007FFD6FDF0000-0x00007FFD707DC000-memory.dmp

memory/4956-135-0x000000001B990000-0x000000001B9A0000-memory.dmp

memory/4956-137-0x000000001B990000-0x000000001B9A0000-memory.dmp

memory/4956-136-0x000000001B990000-0x000000001B9A0000-memory.dmp

memory/4956-138-0x000000001B990000-0x000000001B9A0000-memory.dmp

memory/4956-139-0x000000001B990000-0x000000001B9A0000-memory.dmp

memory/4956-140-0x000000001B990000-0x000000001B9A0000-memory.dmp

memory/4956-141-0x000000001B990000-0x000000001B9A0000-memory.dmp

memory/4956-142-0x000000001B990000-0x000000001B9A0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2023-08-16 09:32
Reported: 2023-08-16 09:58
Platform: win10v2004-20230703-en
Max time kernel: 1553s
Max time network: 1557s

Command Line

"C:\Users\Admin\AppData\Local\Temp\test.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A (46 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\test.exe

"C:\Users\Admin\AppData\Local\Temp\test.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 ipwho.is udp
CA 108.181.98.179:443 ipwho.is tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 169.15.67.3.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 179.98.181.108.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 131.111.157.35.in-addr.arpa udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 168.188.125.3.in-addr.arpa udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 214.224.126.3.in-addr.arpa udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 191.67.124.3.in-addr.arpa udp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 232.56.68.3.in-addr.arpa udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
DE 3.125.188.168:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
DE 35.157.111.131:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
DE 3.124.67.191:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 18.175.53.84.in-addr.arpa udp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
DE 3.126.224.214:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp

Files

memory/2716-133-0x0000000000660000-0x0000000000984000-memory.dmp

memory/2716-134-0x00007FFCF0A60000-0x00007FFCF1521000-memory.dmp

memory/2716-135-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

memory/2716-136-0x000000001D180000-0x000000001D1D0000-memory.dmp

memory/2716-137-0x000000001D290000-0x000000001D342000-memory.dmp

memory/2716-140-0x000000001D1F0000-0x000000001D202000-memory.dmp

memory/2716-141-0x000000001D250000-0x000000001D28C000-memory.dmp

memory/2716-142-0x00007FFCF0A60000-0x00007FFCF1521000-memory.dmp

memory/2716-143-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

memory/2716-144-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

memory/2716-145-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

memory/2716-146-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

memory/2716-147-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

memory/2716-148-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

memory/2716-149-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

memory/2716-150-0x000000001B4C0000-0x000000001B4D0000-memory.dmp

memory/2716-151-0x000000001B4C0000-0x000000001B4D0000-memory.dmp