quasar | 1693d7b6b73946493e5b1436fcea2f18907d1af7043116bd8b5490ac24d0adf0 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240201-m6hbzsbfe8
MD5

934a355a48cf365aa6f4fcbd11b65527
SHA1

7c5b05c065abb33691edb9e146bfbb065f6a1201
SHA256

1693d7b6b73946493e5b1436fcea2f18907d1af7043116bd8b5490ac24d0adf0
SHA512

e1eed51a46fb0a8d65c4265f407d4f5c01abf78d9a10f01b2129d3ce731e01c0c72c3be55d21fa3f73fa4fe2b9b77de5d96ff23a51d38f8b9745431b8257e126
SSDEEP

49152:7v5hBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaYC31JlLoGdNsTHHB72eh2NT:7vht2d5aKCuVPzlEmVQ0wvwfYCV

Score

10^/10

quasar update spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20231129-en

quasar update spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20231222-en

quasar update spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Update

C2

101.177.227.103:4782

192.168.0.59:4782

Mutex

5bd89e12-1843-46a3-8143-daf9d4c1057e

Attributes

encryption_key
87489E2D5B0F0ED148EFB8C3A6EE104AB572BC56
install_name
Client.exe
log_directory
Anti-Malware Detection Config
reconnect_delay
5000
startup_key
Anti-Malware Process
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  934a355a48cf365aa6f4fcbd11b65527
- SHA1
  
  7c5b05c065abb33691edb9e146bfbb065f6a1201
- SHA256
  
  1693d7b6b73946493e5b1436fcea2f18907d1af7043116bd8b5490ac24d0adf0
- SHA512
  
  e1eed51a46fb0a8d65c4265f407d4f5c01abf78d9a10f01b2129d3ce731e01c0c72c3be55d21fa3f73fa4fe2b9b77de5d96ff23a51d38f8b9745431b8257e126
- SSDEEP
  
  49152:7v5hBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaYC31JlLoGdNsTHHB72eh2NT:7vht2d5aKCuVPzlEmVQ0wvwfYCV
Score

10^/10

quasar update spyware trojan stealer
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarupdatespywaretrojan

behavioral2

quasarupdatespywarestealertrojan

© 2018-2024

Terms | Privacy