quasar | 55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047 | Triage

Submit
Reports

Overview

overview

Static

static

1

AnyDesk.exe

windows10-2004-x64

Sharing

General

Target

AnyDesk.exe
Size

5.0MB
Sample

240223-1gashahe23
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

10^/10

quasar vanta spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

AnyDesk.exe

Resource

win10v2004-20240221-en

quasar vanta spyware trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Vanta

C2

2.tcp.eu.ngrok.io:11346

Mutex

2f626b58-6546-4776-989a-1b970e109b69

Attributes

encryption_key
4811C43E776477A0F19082FD684C2586D1559271
install_name
VantaFN.exe
log_directory
LogsK
reconnect_delay
3000
startup_key
Discord
subdirectory
SubDir

Targets

- Target
  
  AnyDesk.exe
- Size
  
  5.0MB
- MD5
  
  a21768190f3b9feae33aaef660cb7a83
- SHA1
  
  24780657328783ef50ae0964b23288e68841a421
- SHA256
  
  55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
- SHA512
  
  ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
- SSDEEP
  
  98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x
Score

10^/10

quasar vanta spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvantaspywaretrojan

© 2018-2025

Terms | Privacy