quasar | 2f8e8f5377704003105c743f1bb02fc9207c7706ee043f177bed04264854e2fe | Triage

Submit
Reports

Overview

overview

Static

static

1

tinytask.ini

windows11-21h2-x64

Sharing

General

Target

tinytask.ini
Size

137B
Sample

240202-psa2vsgafk
MD5

fb40ffedb9325270aaaa135f340b94d7
SHA1

7e2fe97c48e35797d288e8bbe37926771c25d23f
SHA256

2f8e8f5377704003105c743f1bb02fc9207c7706ee043f177bed04264854e2fe
SHA512

8cfdaef54d9a230f3ba393c76d26fd0a6b2b424071d15e7dc205a3a55d1a26f2a6ce7d17271da11b3e2ba32439212cf9f18df53fbb9ba6c233e18d397fa62234

Score

10^/10

quasar gimp1 persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

tinytask.ini

Resource

win11-20231215-en

quasar gimp1 persistence spyware trojan

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

gimp1

C2

193.42.33.210:4444

gimpdns.ddns.net:4444

Mutex

QSR_MUTEX_XwuUSTCgYhmnf6vJ1L

Attributes

encryption_key
lRzFKjYQKUKzh6RyUYYQ
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Targets

- Target
  
  tinytask.ini
- Size
  
  137B
- MD5
  
  fb40ffedb9325270aaaa135f340b94d7
- SHA1
  
  7e2fe97c48e35797d288e8bbe37926771c25d23f
- SHA256
  
  2f8e8f5377704003105c743f1bb02fc9207c7706ee043f177bed04264854e2fe
- SHA512
  
  8cfdaef54d9a230f3ba393c76d26fd0a6b2b424071d15e7dc205a3a55d1a26f2a6ce7d17271da11b3e2ba32439212cf9f18df53fbb9ba6c233e18d397fa62234
Score

10^/10

quasar gimp1 persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasargimp1persistencespywaretrojan

© 2018-2024

Terms | Privacy