quasar | 3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d | Triage

Submit
Reports

Overview

overview

Static

static

3a9e31e398...9d.exe

windows7-x64

3a9e31e398...9d.exe

windows10-2004-x64

Sharing

General

Target

3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
Size

3.1MB
Sample

231107-lbxbzsfd24
MD5

7c286bfc44121880fd6f519cef8dbb76
SHA1

f63c551d27e7dcaa8391efb6efc8e3edbb5405de
SHA256

3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
SHA512

9c7ff4e205b75d6e342a26e1d35db0fcc5e1dd86ad61726606a4f8f3fceb749a175d4c93f12157182e26c798dc9faacb3787c79b61d90698d3589b049d2a8b55
SSDEEP

49152:GvXI22SsaNYfdPBldt698dBcjHU6DkE2Hsk/+FgoGdn+fTHHB72eh2NT:GvY22SsaNYfdPBldt6+dBcjHU6DJeu

Score

10^/10

quasar sys32 spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d.exe

Resource

win7-20231023-en

quasar sys32 spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d.exe

Resource

win10v2004-20231020-en

quasar sys32 spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Sys32

C2

180.195.205.155:4782

Mutex

cb2c21d0-caea-4e5b-aec0-8169b705d768

Attributes

encryption_key
9A4F139DB2DACE4C19ACED3CE2C37A9E9F5329AA
install_name
Sys32.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
- Size
  
  3.1MB
- MD5
  
  7c286bfc44121880fd6f519cef8dbb76
- SHA1
  
  f63c551d27e7dcaa8391efb6efc8e3edbb5405de
- SHA256
  
  3a9e31e398e0f96a8c0e7a8d99a2dc36da74056be0882d97ba2cad813190b09d
- SHA512
  
  9c7ff4e205b75d6e342a26e1d35db0fcc5e1dd86ad61726606a4f8f3fceb749a175d4c93f12157182e26c798dc9faacb3787c79b61d90698d3589b049d2a8b55
- SSDEEP
  
  49152:GvXI22SsaNYfdPBldt698dBcjHU6DkE2Hsk/+FgoGdn+fTHHB72eh2NT:GvY22SsaNYfdPBldt6+dBcjHU6DJeu
Score

10^/10

quasar sys32 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarsys32spywaretrojan

behavioral2

quasarsys32spywaretrojan

© 2018-2024

Terms | Privacy