quasar | b3f58c9c8cdc767f47ba79a89b8562af01bc1c68485a2c453adba2292f84dd26 | Triage

Submit
Reports

Overview

overview

Static

static

1

Uni.bat

windows10-2004-x64

Sharing

General

Target

Uni.bat
Size

14.9MB
Sample

240212-was82scc85
MD5

a04be134083f16f41a3f08162614da27
SHA1

7d90c58f7af0b10cd404da2df22640ac0da75a90
SHA256

b3f58c9c8cdc767f47ba79a89b8562af01bc1c68485a2c453adba2292f84dd26
SHA512

f1270f896c13c191d1bbe443eb66950240d3d39f3b0fed639751fdcf1f3f95e205ce3bee47401e089333b976752aae23ec87163896dc58200c66ed1712973846
SSDEEP

49152:zncqI9jt+YbH6/BYYrunkbDwbSBU0b1W2R+SFLNXtpEmRwbj4VzjI78/CKFTp7J3:L

Score

10^/10

quasar spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Uni.bat

Resource

win10v2004-20231215-en

quasar spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  Uni.bat
- Size
  
  14.9MB
- MD5
  
  a04be134083f16f41a3f08162614da27
- SHA1
  
  7d90c58f7af0b10cd404da2df22640ac0da75a90
- SHA256
  
  b3f58c9c8cdc767f47ba79a89b8562af01bc1c68485a2c453adba2292f84dd26
- SHA512
  
  f1270f896c13c191d1bbe443eb66950240d3d39f3b0fed639751fdcf1f3f95e205ce3bee47401e089333b976752aae23ec87163896dc58200c66ed1712973846
- SSDEEP
  
  49152:zncqI9jt+YbH6/BYYrunkbDwbSBU0b1W2R+SFLNXtpEmRwbj4VzjI78/CKFTp7J3:L
Score

10^/10

quasar spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarspywaretrojan

© 2018-2024

Terms | Privacy