quasar | d76830288a3be762842427e66dc58a37e874cebf25243b74b4d6f5deef31bfd8 | Triage

Submit
Reports

Overview

overview

Static

static

3

1332bb84df...56.exe

windows7-x64

1332bb84df...56.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f53938373434c1b46ab8333b99b5025e.bin
Size

2.8MB
Sample

240312-fa8ezaae79
MD5

36e2c65f96b12dda71a8815d2b0c1674
SHA1

2e2411232f4c2cb39043497830d8070c72fcefa1
SHA256

d76830288a3be762842427e66dc58a37e874cebf25243b74b4d6f5deef31bfd8
SHA512

6941639c6c55782f226d4e1d6214b764751df57bcc0486e9c9a4062bd6c98187cb805d64cc84e4b9aa9d2267ff289b07e033f0ca8576dffd6112fcfb8e02fff3
SSDEEP

49152:tYnjbo2yw3arwniPfFNNvdUodoZj1bbLlWM8JWx2oAToY/DebSiGBlQbNRh:t8jDYc+tN1dslWlJWx2P9ebSN6h

Score

10^/10

quasar default spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1332bb84dff1a55902b5eb2c76988f94a9edf4727d2c79871c47858b270f0856.exe

Resource

win7-20240215-en

quasar default spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1332bb84dff1a55902b5eb2c76988f94a9edf4727d2c79871c47858b270f0856.exe

Resource

win10v2004-20240226-en

quasar default spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Default

C2

dksj.wi-fi.rip:4782

Mutex

fac0455c-d035-445a-a501-d39c40248ae5

Attributes

encryption_key
E883FEA800A47B3B853A04DDCD0D162E782B41B7
install_name
Client.exe
log_directory
fdgdg
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  1332bb84dff1a55902b5eb2c76988f94a9edf4727d2c79871c47858b270f0856.exe
- Size
  
  3.2MB
- MD5
  
  f53938373434c1b46ab8333b99b5025e
- SHA1
  
  1f3ae2bda22c8c30a84563094ff2c30d1265fa91
- SHA256
  
  1332bb84dff1a55902b5eb2c76988f94a9edf4727d2c79871c47858b270f0856
- SHA512
  
  b733120eb598287a5eb5b8cf10cc0e0343756ac50f72657a959a908de2d0b3325e1c195b815a7981d83618135914d33b89bc8a9a6cef2c293352be5604aab596
- SSDEEP
  
  49152:paFWfGWVGvidJg/yfFF9mkQiCrIw20BWBvM0cPV9GadnnCQ/J4CWJl/dTTKXcG:paFCTW/sUni+w0CvA9GtllTTKMG
Score

10^/10

quasar default spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasardefaultspywaretrojan

behavioral2

quasardefaultspywaretrojan

© 2018-2025

Terms | Privacy