quasar | cbe49c46c68fbf9a6733b839945e3eb01c02ee26e7a327ebb54aacad4e765a2b | Triage

Submit
Reports

Overview

overview

Static

static

Image Logger.exe

windows10-2004-x64

Image Logger.exe

windows11-21h2-x64

Sharing

General

Target

Image Logger.exe
Size

3.1MB
Sample

240101-q2dd1sbhdk
MD5

6af433dc5c20b6c59cb8c2b63ddf4963
SHA1

e378ad8a93a6859afb38f10332a044b1b898baca
SHA256

cbe49c46c68fbf9a6733b839945e3eb01c02ee26e7a327ebb54aacad4e765a2b
SHA512

4ba72e6858d3aecc2f87d0b23516ae7915df49fcbb91747c5d24462750e867956b1bb72e5fda397c8eb7a95d67440125de01167f78d79bc946b1397ec35e0de0
SSDEEP

49152:bvrI22SsaNYfdPBldt698dBcjHRMxNESExk/iHLoGdhYTHHB72eh2NT:bvU22SsaNYfdPBldt6+dBcjHWxwrR

Score

10^/10

quasar image logger spyware trojan

Static task

static1

image logger quasar

3 signatures

Behavioral task

behavioral1

Sample

Image Logger.exe

Resource

win10v2004-20231222-en

quasar image logger spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Image Logger.exe

Resource

win11-20231215-en

quasar image logger spyware trojan

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Image Logger

C2

promptylol-31420.portmap.io:5950

Mutex

4cdcc137-c98a-4223-9eca-fa3c3f414513

Attributes

encryption_key
92AAA484892AFDE2F29DD42856FA1D969FC2CCFE
install_name
sys.exe
log_directory
Logs
reconnect_delay
2995
startup_key
bootmgr
subdirectory
critical

Targets

- Target
  
  Image Logger.exe
- Size
  
  3.1MB
- MD5
  
  6af433dc5c20b6c59cb8c2b63ddf4963
- SHA1
  
  e378ad8a93a6859afb38f10332a044b1b898baca
- SHA256
  
  cbe49c46c68fbf9a6733b839945e3eb01c02ee26e7a327ebb54aacad4e765a2b
- SHA512
  
  4ba72e6858d3aecc2f87d0b23516ae7915df49fcbb91747c5d24462750e867956b1bb72e5fda397c8eb7a95d67440125de01167f78d79bc946b1397ec35e0de0
- SSDEEP
  
  49152:bvrI22SsaNYfdPBldt698dBcjHRMxNESExk/iHLoGdhYTHHB72eh2NT:bvU22SsaNYfdPBldt6+dBcjHWxwrR
Score

10^/10

quasar image logger spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

image loggerquasar

behavioral1

quasarimage loggerspywaretrojan

behavioral2

quasarimage loggerspywaretrojan

© 2018-2025

Terms | Privacy