quasar | 088023dee5807788786ad2707fa34ae3422654ecb0cb9efbc1eb268cec958ff0 | Triage

Submit
Reports

Overview

overview

Static

static

bcf82013e3...98.exe

windows7-x64

bcf82013e3...98.exe

windows10-2004-x64

Sharing

General

Target

bcf82013e39cef4310eb312625ab8598
Size

157KB
Sample

240309-2elbwscf49
MD5

bcf82013e39cef4310eb312625ab8598
SHA1

96f423ba66892855a6d67e96a23bdba885f63944
SHA256

088023dee5807788786ad2707fa34ae3422654ecb0cb9efbc1eb268cec958ff0
SHA512

1cddb94d23d6387dcb0650a74ae2028e6a9744788ce7fe5f4bb98afa41c9670e7097fe1be9b323b2c061742a2c026ea710ff294a3b169085fecdb417beb95ac3
SSDEEP

3072:GfckI9Z12hDq4SWe06jQ75GKqEcjk0XkhFBx4:K0Z12jjM400Tw

Score

10^/10

quasar revengerat games persistence spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

bcf82013e39cef4310eb312625ab8598.exe

Resource

win7-20240221-en

quasar revengerat games spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

bcf82013e39cef4310eb312625ab8598.exe

Resource

win10v2004-20240226-en

quasar games persistence spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Games

C2

services18.dns.army:7000

ss1999.64-b.it:7000

Mutex

5EwVZpKkbJ5fq0j9og

Attributes

encryption_key
O6mxl5VNcg9uGSOey4nY
install_name
Instalation Rep.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Firefox Update
subdirectory
Instalation

Targets

- Target
  
  bcf82013e39cef4310eb312625ab8598
- Size
  
  157KB
- MD5
  
  bcf82013e39cef4310eb312625ab8598
- SHA1
  
  96f423ba66892855a6d67e96a23bdba885f63944
- SHA256
  
  088023dee5807788786ad2707fa34ae3422654ecb0cb9efbc1eb268cec958ff0
- SHA512
  
  1cddb94d23d6387dcb0650a74ae2028e6a9744788ce7fe5f4bb98afa41c9670e7097fe1be9b323b2c061742a2c026ea710ff294a3b169085fecdb417beb95ac3
- SSDEEP
  
  3072:GfckI9Z12hDq4SWe06jQ75GKqEcjk0XkhFBx4:K0Z12jjM400Tw
Score

10^/10

quasar revengerat games spyware trojan persistence
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- RevengeRAT
  Remote-access trojan with a wide range of capabilities.
  trojan revengerat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarrevengeratgamesspywaretrojan

behavioral2

quasargamespersistencespywaretrojan

© 2018-2024

Terms | Privacy