quasar | hxxps://gofile[.]io/d/O8pLMV

General

Target

https://gofile.io/d/O8pLMV
Sample

240218-a9eztacg38

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

client

C2

192.168.1.190:8080

Mutex

4787fbcd-9b88-411d-86f3-9a4da6d1b091

Attributes

encryption_key
9125BEED3E3189E9FC0B8834A851F5BAC4D273FD
install_name
Aquatic Raider.exe
log_directory
Logs
reconnect_delay
3000
startup_key
snfr
subdirectory
SubDir

Targets

- Target
  
  https://gofile.io/d/O8pLMV
Score

10^/10

quasar client spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1

T1053

Persistence

Scheduled Task/Job

1

T1053

Privilege Escalation

Scheduled Task/Job

1

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Downloads MZ/PE file

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1