quasar | be89472c81e89ff3fe48fb7ad18489e2f6db45abfe118f6eb4eeb6f01977fcdd | Triage

Submit
Reports

Overview

overview

Static

static

host.exe

windows7-x64

host.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

546db3fcd7e65363457a2fb3d10ac617.bin
Size

165KB
Sample

231101-bt7kkaaf46
MD5

546db3fcd7e65363457a2fb3d10ac617
SHA1

7b086f07a02eed0c5706b0e9b6824505a0414120
SHA256

be89472c81e89ff3fe48fb7ad18489e2f6db45abfe118f6eb4eeb6f01977fcdd
SHA512

aec2989caf11c45702060325f90a2ff246393088d2d008ce95697b8a7e876e60968c46f08006a4bde9cb6b4191c3c59227b1e24704dc93f934d0d0678a55418f
SSDEEP

3072:MkP4EDV8Ijf4Rbq0xsa/+cM7UYrJuvfa2fGTEiLmvqOpQaQLGmPvucqPf1S+Ow:4EDVJ4xya/XMwYr4vjfwAv7pQaeXPWc+

Score

10^/10

quasar crypto new 2 persistence spyware trojan

Static task

static1

crypto new 2 quasar

3 signatures

Behavioral task

behavioral1

Sample

host.exe

Resource

win7-20231025-en

quasar crypto new 2 spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

host.exe

Resource

win10v2004-20231023-en

quasar crypto new 2 persistence spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

crypto new 2

C2

youtubevideos.duckdns.org:60

Mutex

QSR_MUTEX_UW2Q1R9Nhq2Wep6ciM

Attributes

encryption_key
XlkPQVgFSxZI2YKrxURt
install_name
host.exe
log_directory
Logs
reconnect_delay
3000
startup_key
host
subdirectory
System32

Targets

- Target
  
  host.exe
- Size
  
  348KB
- MD5
  
  e0dc6722a9bc7af2d3fcf19e894f5043
- SHA1
  
  182ef440603b17893b0bb3b57f52d632ebbb2049
- SHA256
  
  63c22ff05a3d78dd08deda98041b693bf13815df41da51caa2dca1bb991dddb6
- SHA512
  
  4fe4ee7d871a6b4bf62dee9775bf83b18f936a0c8fcb2d8b0a92ad2b46742c02a0b3e8b8baa0333cf4eac5edd8f376c7698ea7f9a001fd9387c5c0f0839fd9f5
- SSDEEP
  
  6144:b16bPXhLApfpvVM3fB3/x2b66yyVT/1SXYVQcSi:RmhAp7M3p3Zt6yyVTNSXY4i
Score

10^/10

quasar crypto new 2 spyware trojan persistence
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

crypto new 2quasar

behavioral1

quasarcrypto new 2spywaretrojan

behavioral2

quasarcrypto new 2persistencespywaretrojan

© 2018-2025

Terms | Privacy