quasar | 5ae5cbd5ef29c6386888ce1c5b15a44a07e27f6be64ca5c450d29745a2847e14

Analysis

max time kernel
117s
max time network
134s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
20-09-2023 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83006c24730b2d7fb7506451aee3d6bb85cc27d64e230630bc66517c7ba9ed21.exe
Size

1.0MB
MD5

5a8434f899549874f8114dda6a6e2763
SHA1

5950904de381e2e16411b315ed91d683b11bd66e
SHA256

83006c24730b2d7fb7506451aee3d6bb85cc27d64e230630bc66517c7ba9ed21
SHA512

c6953fcaebd25e13c2d30362f60e3a2defc7c83e640b023f766dbbf305c30332d654d2882b8247126909f2bc994ec2268f0ee0e70a607d910a53b6ae8b98ed9b
SSDEEP

24576:Eaynkc1ZzBvtrZHFjMKY2GocjuN6Yelp+QlGVB/yqR:1ynkc1ZzBvtrZHFjMKY2kjuN6Yelpju

Score

10^/10

quasar venom client spyware trojan

Malware Config

Extracted

Family

quasar

Version

2.7.0.0

Botnet

Venom Client

crazydns.linkpc.net:3000

Mutex

ER5Ojs5Por1j5joXR6

Attributes

encryption_key
HHtj6qkHuyo7mzRB7Q0O
install_name
Venom.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Venom Client Startup

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 1 IoCs

resource	yara_rule
behavioral1/memory/2424-0-0x0000000000D80000-0x0000000000E90000-memory.dmp	family_quasar

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	ip-api.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2424	83006c24730b2d7fb7506451aee3d6bb85cc27d64e230630bc66517c7ba9ed21.exe

C:\Users\Admin\AppData\Local\Temp\83006c24730b2d7fb7506451aee3d6bb85cc27d64e230630bc66517c7ba9ed21.exe
"C:\Users\Admin\AppData\Local\Temp\83006c24730b2d7fb7506451aee3d6bb85cc27d64e230630bc66517c7ba9ed21.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2424-0-0x0000000000D80000-0x0000000000E90000-memory.dmp

Filesize
1.1MB

Download
memory/2424-1-0x0000000074710000-0x0000000074DFE000-memory.dmp

Filesize
6.9MB

Download
memory/2424-2-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download
memory/2424-3-0x0000000074710000-0x0000000074DFE000-memory.dmp

Filesize
6.9MB

Download
memory/2424-4-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download