quasar | 14b67f3273192e061b04c05bb81aea8794f58a856b762006fb2359f55230327c | Triage

Submit
Reports

Overview

overview

Static

static

3

SecuriteIn...73.exe

windows7-x64

SecuriteIn...73.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.IL.Trojan.MSILZilla.35146.9856.2573.exe
Size

666KB
Sample

240310-1aq6xacb67
MD5

d8cec9abef1a3d395031b4528a39203f
SHA1

4a0603a98dd87ea78acb3b90613f1b9cc7c5e7f3
SHA256

14b67f3273192e061b04c05bb81aea8794f58a856b762006fb2359f55230327c
SHA512

7106cc6f72cf54f368fc6052f6043024c6cff6711efdadf4bc696889cecb950f31f1c3b6caebb07bf4be605885d3aa0509078d20e705c698dd2f81b6cc31634c
SSDEEP

12288:OPjMEqtt7uY2R7e9Q6bfCo8VZAr671FAAb7qNf72wkfuXdwuKhS5Ec7sTxKR9gVq:yqtt7zRpbfCo8VZK671FAOqNf725futL

Score

10^/10

quasar zgrat default rat spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SecuriteInfo.com.IL.Trojan.MSILZilla.35146.9856.2573.exe

Resource

win7-20240215-en

quasar zgrat default rat spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.IL.Trojan.MSILZilla.35146.9856.2573.exe

Resource

win10v2004-20231215-en

quasar zgrat default rat spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Default

C2

dksj.wi-fi.rip:4782

Mutex

fac0455c-d035-445a-a501-d39c40248ae5

Attributes

encryption_key
E883FEA800A47B3B853A04DDCD0D162E782B41B7
install_name
Client.exe
log_directory
fdgdg
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  SecuriteInfo.com.IL.Trojan.MSILZilla.35146.9856.2573.exe
- Size
  
  666KB
- MD5
  
  d8cec9abef1a3d395031b4528a39203f
- SHA1
  
  4a0603a98dd87ea78acb3b90613f1b9cc7c5e7f3
- SHA256
  
  14b67f3273192e061b04c05bb81aea8794f58a856b762006fb2359f55230327c
- SHA512
  
  7106cc6f72cf54f368fc6052f6043024c6cff6711efdadf4bc696889cecb950f31f1c3b6caebb07bf4be605885d3aa0509078d20e705c698dd2f81b6cc31634c
- SSDEEP
  
  12288:OPjMEqtt7uY2R7e9Q6bfCo8VZAr671FAAb7qNf72wkfuXdwuKhS5Ec7sTxKR9gVq:yqtt7zRpbfCo8VZK671FAOqNf725futL
Score

10^/10

quasar zgrat default rat spyware trojan
- Detect ZGRat V1
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarzgratdefaultratspywaretrojan

behavioral2

quasarzgratdefaultratspywaretrojan

© 2018-2025

Terms | Privacy