quasar | 091833fb986ac8a78a9a33ae7852d2b02d510348bdcb915d4e2e51a6de27f64a

Analysis

max time kernel
1462s
max time network
1503s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 10:15

Target

turingmachine.exe
Size

286KB
MD5

c81a9adf64819041ac1435fab28004e3
SHA1

a126d54caabbdd6456ac1ddd57a4ead629f4f287
SHA256

5a1c7a22a6fbe36701b53b49a134ad37ab6194030753824a1bef260862902ac8
SHA512

3ec5bc46bd46a06271905614adde9e60dd30d2315eb700d36852c6d2e1207a6218d007a7eb9ef2f0134eae53b1a04305be61e314e0ca426e132e8660e0bdcf58
SSDEEP

6144:lGz3mOwb5nxTfSUkAxzi1jZtV6GUvUwibiCcefPgMJjaTbMFfCNB53C:2YxrOKHibiCce3jaU6B53C

Score

10^/10

Family

quasar

Attributes

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 1 IoCs

resource	yara_rule
behavioral9/memory/2956-133-0x0000000000E50000-0x0000000000E9E000-memory.dmp	family_quasar

C:\Users\Admin\AppData\Local\Temp\turingmachine.exe
"C:\Users\Admin\AppData\Local\Temp\turingmachine.exe"
1⤵
PID:2956

memory/2956-133-0x0000000000E50000-0x0000000000E9E000-memory.dmp

Filesize
312KB

Download
memory/2956-134-0x00000000745B0000-0x0000000074D60000-memory.dmp

Filesize
7.7MB

Download
memory/2956-135-0x0000000005EF0000-0x0000000006494000-memory.dmp

Filesize
5.6MB

Download
memory/2956-136-0x0000000005940000-0x00000000059D2000-memory.dmp

Filesize
584KB

Download
memory/2956-138-0x0000000005B20000-0x0000000005B30000-memory.dmp

Filesize
64KB

Download
memory/2956-139-0x00000000745B0000-0x0000000074D60000-memory.dmp

Filesize
7.7MB

Download