quasar | 5f1dd77b816aebcbf1238bd4af19e7e5a88f946210998ad30a9cd829c7f9ae2c | Triage

Submit
Reports

Overview

overview

Static

static

mailpass_g...er.exe

windows7-x64

mailpass_g...er.exe

windows10-2004-x64

Sharing

General

Target

mailpass_grabber_checker.exe
Size

3.1MB
Sample

240126-xsheyadggn
MD5

8b8b8e63ee314ca7e7fb41b1505c8bb2
SHA1

01b3ae7b9f46b8dd21a98326b327417b0a2aed4a
SHA256

5f1dd77b816aebcbf1238bd4af19e7e5a88f946210998ad30a9cd829c7f9ae2c
SHA512

327ed2570e5bfab4ad6c1dd40df4d1e98d7afb5dda5acb0b101ec0e22d55d90dcb2cb0a1f73db96047bbc6b419de2b8350e91520395af34fe26f5e2f4596a698
SSDEEP

49152:SvTt62XlaSFNWPjljiFa2RoUYImkyj3wyck//4oGdMJTHHB72eh2NT:SvB62XlaSFNWPjljiFXRoUYINym

Score

10^/10

quasar pc spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

mailpass_grabber_checker.exe

Resource

win7-20231129-en

quasar pc spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

mailpass_grabber_checker.exe

Resource

win10v2004-20231222-en

quasar pc spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

PC

C2

85.215.149.159:5464

Mutex

ee30a48c-07fe-47de-a88d-5542a9407485

Attributes

encryption_key
15B77B25A069D605CCCD54B1C03E024CB16CA802
install_name
desktop.exe
log_directory
Logs
reconnect_delay
3000
startup_key
desktop
subdirectory
win_dir

Targets

- Target
  
  mailpass_grabber_checker.exe
- Size
  
  3.1MB
- MD5
  
  8b8b8e63ee314ca7e7fb41b1505c8bb2
- SHA1
  
  01b3ae7b9f46b8dd21a98326b327417b0a2aed4a
- SHA256
  
  5f1dd77b816aebcbf1238bd4af19e7e5a88f946210998ad30a9cd829c7f9ae2c
- SHA512
  
  327ed2570e5bfab4ad6c1dd40df4d1e98d7afb5dda5acb0b101ec0e22d55d90dcb2cb0a1f73db96047bbc6b419de2b8350e91520395af34fe26f5e2f4596a698
- SSDEEP
  
  49152:SvTt62XlaSFNWPjljiFa2RoUYImkyj3wyck//4oGdMJTHHB72eh2NT:SvB62XlaSFNWPjljiFXRoUYINym
Score

10^/10

quasar pc spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarpcspywaretrojan

behavioral2

quasarpcspywaretrojan

© 2018-2024

Terms | Privacy