quasar | 95ce847439a03bc2755d3932a1d217895394da1e776c831876f6b41566d3cac4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdcce3812a7c24b08b9dbc086366a90f.exe
Size

4.4MB
Sample

231224-pl6vysebg4
MD5

bdcce3812a7c24b08b9dbc086366a90f
SHA1

dbe4087c1d1e75fbfe027e89ea3e503481fb2293
SHA256

95ce847439a03bc2755d3932a1d217895394da1e776c831876f6b41566d3cac4
SHA512

9360e9db882294704ccd8e73cbcc8573895cd35a94164a8e3336f2dffb3f10580b1e98f1dcdc390b37b89c131fc1abde30752eb7141a79b4c154466932ed2c74
SSDEEP

49152:q9HocYmdPbzi732ww0PE2k3KYiAoMG8WQYuZ4ix:

Score

10^/10

quasar nik222 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

nik222

C2

dartkom22.ddns.net:2008

Mutex

6fff0635-b16a-4828-89b5-87ddd1594028

Attributes

encryption_key
CA9652069F676B140195382DDE3DAC88510B7623
install_name
vnona.exe
log_directory
Logs
reconnect_delay
3000
startup_key
shonkk.exe
subdirectory
SubDir

Targets

- Target
  
  bdcce3812a7c24b08b9dbc086366a90f.exe
- Size
  
  4.4MB
- MD5
  
  bdcce3812a7c24b08b9dbc086366a90f
- SHA1
  
  dbe4087c1d1e75fbfe027e89ea3e503481fb2293
- SHA256
  
  95ce847439a03bc2755d3932a1d217895394da1e776c831876f6b41566d3cac4
- SHA512
  
  9360e9db882294704ccd8e73cbcc8573895cd35a94164a8e3336f2dffb3f10580b1e98f1dcdc390b37b89c131fc1abde30752eb7141a79b4c154466932ed2c74
- SSDEEP
  
  49152:q9HocYmdPbzi732ww0PE2k3KYiAoMG8WQYuZ4ix:
Score

10^/10

quasar nik222 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarnik222spywaretrojan