Overview
overview
10Static
static
10Quasar.v1.4.1.zip
windows7-x64
1Quasar.v1.4.1.zip
windows10-2004-x64
1Quasar v1....se.txt
windows7-x64
1Quasar v1....se.txt
windows10-2004-x64
1Quasar v1....e.html
windows7-x64
1Quasar v1....e.html
windows10-2004-x64
1Quasar v1....se.txt
windows7-x64
1Quasar v1....se.txt
windows10-2004-x64
1Quasar v1....se.txt
windows7-x64
1Quasar v1....se.txt
windows10-2004-x64
1Quasar v1....se.txt
windows7-x64
1Quasar v1....se.txt
windows10-2004-x64
1Quasar v1....se.txt
windows7-x64
1Quasar v1....se.txt
windows10-2004-x64
1Quasar v1....se.txt
windows7-x64
1Quasar v1....se.txt
windows10-2004-x64
1Quasar v1....se.txt
windows7-x64
1Quasar v1....se.txt
windows10-2004-x64
1Quasar v1....to.dll
windows7-x64
1Quasar v1....to.dll
windows10-2004-x64
1Quasar v1....ok.dll
windows7-x64
1Quasar v1....ok.dll
windows10-2004-x64
1Quasar v1.4.1/LICENSE
windows7-x64
1Quasar v1.4.1/LICENSE
windows10-2004-x64
1Quasar v1....db.dll
windows7-x64
1Quasar v1....db.dll
windows10-2004-x64
1Quasar v1....db.dll
windows7-x64
1Quasar v1....db.dll
windows10-2004-x64
1Quasar v1....ks.dll
windows7-x64
1Quasar v1....ks.dll
windows10-2004-x64
1Quasar v1....il.dll
windows7-x64
1Quasar v1....il.dll
windows10-2004-x64
1Analysis
-
max time kernel
444s -
max time network
446s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
15/03/2024, 04:54
Behavioral task
behavioral1
Sample
Quasar.v1.4.1.zip
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
Quasar.v1.4.1.zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
Quasar v1.4.1/3rdPartyLicenses/Be.HexEditor_license.txt
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
Quasar v1.4.1/3rdPartyLicenses/Be.HexEditor_license.txt
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Quasar v1.4.1/3rdPartyLicenses/BouncyCastle_license.html
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Quasar v1.4.1/3rdPartyLicenses/BouncyCastle_license.html
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Quasar v1.4.1/3rdPartyLicenses/GlobalMouseKeyHook_license.txt
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Quasar v1.4.1/3rdPartyLicenses/GlobalMouseKeyHook_license.txt
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
Quasar v1.4.1/3rdPartyLicenses/Mono.Cecil_license.txt
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
Quasar v1.4.1/3rdPartyLicenses/Mono.Cecil_license.txt
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
Quasar v1.4.1/3rdPartyLicenses/Open.Nat_license.txt
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
Quasar v1.4.1/3rdPartyLicenses/Open.Nat_license.txt
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
Quasar v1.4.1/3rdPartyLicenses/ResourceLib_license.txt
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
Quasar v1.4.1/3rdPartyLicenses/ResourceLib_license.txt
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
Quasar v1.4.1/3rdPartyLicenses/SilkIcons_license.txt
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
Quasar v1.4.1/3rdPartyLicenses/SilkIcons_license.txt
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
Quasar v1.4.1/3rdPartyLicenses/protobuf-net_license.txt
Resource
win7-20240215-en
Behavioral task
behavioral18
Sample
Quasar v1.4.1/3rdPartyLicenses/protobuf-net_license.txt
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
Quasar v1.4.1/BouncyCastle.Crypto.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
Quasar v1.4.1/BouncyCastle.Crypto.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
Quasar v1.4.1/Gma.System.MouseKeyHook.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
Quasar v1.4.1/Gma.System.MouseKeyHook.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
Quasar v1.4.1/LICENSE
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
Quasar v1.4.1/LICENSE
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
Quasar v1.4.1/Mono.Cecil.Mdb.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
Quasar v1.4.1/Mono.Cecil.Mdb.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
Quasar v1.4.1/Mono.Cecil.Pdb.dll
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
Quasar v1.4.1/Mono.Cecil.Pdb.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
Quasar v1.4.1/Mono.Cecil.Rocks.dll
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
Quasar v1.4.1/Mono.Cecil.Rocks.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
Quasar v1.4.1/Mono.Cecil.dll
Resource
win7-20240215-en
Behavioral task
behavioral32
Sample
Quasar v1.4.1/Mono.Cecil.dll
Resource
win10v2004-20240226-en
General
-
Target
Quasar v1.4.1/BouncyCastle.Crypto.dll
-
Size
3.2MB
-
MD5
0cf454b6ed4d9e46bc40306421e4b800
-
SHA1
9611aa929d35cbd86b87e40b628f60d5177d2411
-
SHA256
e51721dc0647f4838b1abc592bd95fd8cb924716e8a64f83d4b947821fa1fa42
-
SHA512
85262f1bc67a89911640f59a759b476b30ca644bd1a1d9cd3213cc8aae16d7cc6ea689815f19b146db1d26f7a75772ceb48e71e27940e3686a83eb2cf7e46048
-
SSDEEP
49152:JIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9Y:6BbBWIgWljGxRB/LLY
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeManageVolumePrivilege 4260 svchost.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\BouncyCastle.Crypto.dll",#11⤵PID:4980
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:4436
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4260
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD5a55dec6cfb08440f58a404b786ec34aa
SHA1118d9bdf01362af0f1fa20c9cc3e4c249a71e3c9
SHA256a57d12ad7bed1575efa818ac6ee391515110ac3dace974e16be9ac6bfa681c64
SHA5123af17b6eb6ecc2801cc073a7b6f8003dd675c842347510a143f37ea910e9f89858be9543f301daa143b0a107480002f3e32a5da46cb9b7bbb9bac1cc1866b562