quasar | f96ebec7e775e74f8ca42dfd15d576c61be51f9446f61ec1ea4d728c2a157af1

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2023, 03:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f96ebec7e775e74f8ca42dfd15d576c61be51f9446f61ec1ea4d728c2a157af1.exe
Size

9.6MB
MD5

0745bb5bb478d211262acd879036a7b3
SHA1

f1b69aa0ae169e87a844d2c28638dc8758505b26
SHA256

f96ebec7e775e74f8ca42dfd15d576c61be51f9446f61ec1ea4d728c2a157af1
SHA512

9ae0599136fb8990fa26d156496c55d318aa035fd7b174dd6d1de7f95eb9afec81a16b91a8c3b32ae40f913ca1b7edafdc17eeabb901ea207fb88b47d8686030
SSDEEP

196608:PJQaPHrQqXs140qMhu8369sV+HLz9SKUeNdDhHidV+hzGWV2RfRof5wQlavxQoFr:PJQaPHrQqXs140qMhu8369sV+HLz9SK6

Score

10^/10

quasar spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 3 IoCs

resource	yara_rule
behavioral2/memory/1924-45-0x000000001D0D0000-0x000000001D34C000-memory.dmp	family_quasar
behavioral2/memory/1924-57-0x000000001D0D0000-0x000000001D34C000-memory.dmp	family_quasar
behavioral2/memory/1924-66-0x000000001D6F0000-0x000000001D96C000-memory.dmp	family_quasar

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
31	ip-api.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1924	f96ebec7e775e74f8ca42dfd15d576c61be51f9446f61ec1ea4d728c2a157af1.exe

C:\Users\Admin\AppData\Local\Temp\f96ebec7e775e74f8ca42dfd15d576c61be51f9446f61ec1ea4d728c2a157af1.exe
"C:\Users\Admin\AppData\Local\Temp\f96ebec7e775e74f8ca42dfd15d576c61be51f9446f61ec1ea4d728c2a157af1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-0-0x00007FFF99BD0000-0x00007FFF9A691000-memory.dmp

Filesize
10.8MB

Download
memory/1924-1-0x000000001AD10000-0x000000001AEB0000-memory.dmp

Filesize
1.6MB

Download
memory/1924-2-0x000000001AD10000-0x000000001AEB0000-memory.dmp

Filesize
1.6MB

Download
memory/1924-3-0x000000001AD10000-0x000000001AEB0000-memory.dmp

Filesize
1.6MB

Download
memory/1924-6-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/1924-4-0x00007FFF99BD0000-0x00007FFF9A691000-memory.dmp

Filesize
10.8MB

Download
memory/1924-16-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/1924-14-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/1924-20-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/1924-21-0x00007FFFB8250000-0x00007FFFB8445000-memory.dmp

Filesize
2.0MB

Download
memory/1924-19-0x00007FFFB80B0000-0x00007FFFB80B1000-memory.dmp

Filesize
4KB

Download
memory/1924-24-0x00007FFFB8230000-0x00007FFFB8231000-memory.dmp

Filesize
4KB

Download
memory/1924-27-0x00007FFFB8140000-0x00007FFFB8141000-memory.dmp

Filesize
4KB

Download
memory/1924-32-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/1924-31-0x00007FFFB80E0000-0x00007FFFB80E1000-memory.dmp

Filesize
4KB

Download
memory/1924-33-0x00007FFFB8240000-0x00007FFFB8241000-memory.dmp

Filesize
4KB

Download
memory/1924-35-0x00007FFFB8160000-0x00007FFFB8161000-memory.dmp

Filesize
4KB

Download
memory/1924-38-0x00007FFFB8150000-0x00007FFFB8151000-memory.dmp

Filesize
4KB

Download
memory/1924-39-0x00007FFFB81A0000-0x00007FFFB81A1000-memory.dmp

Filesize
4KB

Download
memory/1924-40-0x00007FFFB8250000-0x00007FFFB8445000-memory.dmp

Filesize
2.0MB

Download
memory/1924-41-0x00007FFFB8250000-0x00007FFFB8445000-memory.dmp

Filesize
2.0MB

Download
memory/1924-29-0x00007FFFB8130000-0x00007FFFB8131000-memory.dmp

Filesize
4KB

Download
memory/1924-42-0x000000001D0D0000-0x000000001D34C000-memory.dmp

Filesize
2.5MB

Download
memory/1924-26-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download
memory/1924-45-0x000000001D0D0000-0x000000001D34C000-memory.dmp

Filesize
2.5MB

Download
memory/1924-46-0x00007FFFB8170000-0x00007FFFB8171000-memory.dmp

Filesize
4KB

Download
memory/1924-44-0x00007FFFB8250000-0x00007FFFB8445000-memory.dmp

Filesize
2.0MB

Download
memory/1924-50-0x00007FFFB8210000-0x00007FFFB8211000-memory.dmp

Filesize
4KB

Download
memory/1924-52-0x00007FFFB81E0000-0x00007FFFB81E1000-memory.dmp

Filesize
4KB

Download
memory/1924-54-0x00007FFFB81D0000-0x00007FFFB81D1000-memory.dmp

Filesize
4KB

Download
memory/1924-56-0x00007FFFB8180000-0x00007FFFB8181000-memory.dmp

Filesize
4KB

Download
memory/1924-58-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-60-0x00007FFFB80D0000-0x00007FFFB80D1000-memory.dmp

Filesize
4KB

Download
memory/1924-57-0x000000001D0D0000-0x000000001D34C000-memory.dmp

Filesize
2.5MB

Download
memory/1924-48-0x00007FFFB8220000-0x00007FFFB8221000-memory.dmp

Filesize
4KB

Download
memory/1924-25-0x00007FFFB8200000-0x00007FFFB8201000-memory.dmp

Filesize
4KB

Download
memory/1924-66-0x000000001D6F0000-0x000000001D96C000-memory.dmp

Filesize
2.5MB

Download
memory/1924-67-0x00007FFFB8120000-0x00007FFFB8121000-memory.dmp

Filesize
4KB

Download
memory/1924-68-0x00007FFFB8110000-0x00007FFFB8111000-memory.dmp

Filesize
4KB

Download
memory/1924-84-0x0000000002970000-0x000000000297A000-memory.dmp

Filesize
40KB

Download
memory/1924-77-0x0000000002950000-0x000000000295A000-memory.dmp

Filesize
40KB

Download
memory/1924-74-0x0000000002950000-0x000000000295A000-memory.dmp

Filesize
40KB

Download
memory/1924-71-0x0000000002950000-0x000000000295A000-memory.dmp

Filesize
40KB

Download
memory/1924-69-0x0000000002950000-0x000000000295A000-memory.dmp

Filesize
40KB

Download
memory/1924-85-0x00007FFF98180000-0x00007FFF982CE000-memory.dmp

Filesize
1.3MB

Download
memory/1924-89-0x0000000002970000-0x000000000297A000-memory.dmp

Filesize
40KB

Download
memory/1924-88-0x0000000002970000-0x000000000297A000-memory.dmp

Filesize
40KB

Download
memory/1924-87-0x0000000002970000-0x000000000297A000-memory.dmp

Filesize
40KB

Download
memory/1924-91-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-97-0x000000001E8C0000-0x000000001E8E2000-memory.dmp

Filesize
136KB

Download
memory/1924-109-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-108-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-111-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-112-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-110-0x00007FFF99BD0000-0x00007FFF9A691000-memory.dmp

Filesize
10.8MB

Download
memory/1924-113-0x000000001F4A0000-0x000000001F4B2000-memory.dmp

Filesize
72KB

Download
memory/1924-114-0x000000001F830000-0x000000001F86C000-memory.dmp

Filesize
240KB

Download
memory/1924-115-0x000000001AD10000-0x000000001AEB0000-memory.dmp

Filesize
1.6MB

Download
memory/1924-118-0x00007FFFB8190000-0x00007FFFB8191000-memory.dmp

Filesize
4KB

Download
memory/1924-161-0x00007FFFB8250000-0x00007FFFB8445000-memory.dmp

Filesize
2.0MB

Download
memory/1924-166-0x00007FFFB8250000-0x00007FFFB8445000-memory.dmp

Filesize
2.0MB

Download
memory/1924-167-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-172-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-173-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-174-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-175-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download
memory/1924-176-0x00000000020D0000-0x00000000020E0000-memory.dmp

Filesize
64KB

Download