quasar | c89e271601f509d5ab240913749a9bf28523dce349f13c59e648877d7a80b1b3 | Triage

Submit
Reports

Overview

overview

Static

static

WinformCrack.exe

windows7-x64

WinformCrack.exe

windows10-2004-x64

Sharing

General

Target

WinformCrack.exe
Size

3.1MB
Sample

240323-xj1j6ade3s
MD5

a64821e6d15cdc5f778e2d75a843a988
SHA1

653c50d75df7da8035bbbdb45a6744f007846f98
SHA256

c89e271601f509d5ab240913749a9bf28523dce349f13c59e648877d7a80b1b3
SHA512

b29df36bf61c5926bf7fb881e706400f4ac830287a6a1af5102497c474c4664dc9573aa2cc5a55a0a67bf8bc473b0924cc515ed605304e815d95437e6912ab60
SSDEEP

49152:WviI22SsaNYfdPBldt698dBcjH8iRJ65bR3LoGdjTHHB72eh2NT:Wvv22SsaNYfdPBldt6+dBcjH8iRJ67

Score

10^/10

quasar slave spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

WinformCrack.exe

Resource

win7-20240221-en

quasar slave spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

WinformCrack.exe

Resource

win10v2004-20240226-en

quasar slave spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Slave

C2

140.238.91.110:34353

Mutex

25ab9d56-6ef2-47d3-99aa-2142fbcd41fa

Attributes

encryption_key
8E710985199C6BF86CCE90DA92448A36E2F45F51
install_name
XWormV5.6.exe
log_directory
WindowsUPDLogs
reconnect_delay
3000
startup_key
Windows BIOS Update Checker
subdirectory
SubDir

Targets

- Target
  
  WinformCrack.exe
- Size
  
  3.1MB
- MD5
  
  a64821e6d15cdc5f778e2d75a843a988
- SHA1
  
  653c50d75df7da8035bbbdb45a6744f007846f98
- SHA256
  
  c89e271601f509d5ab240913749a9bf28523dce349f13c59e648877d7a80b1b3
- SHA512
  
  b29df36bf61c5926bf7fb881e706400f4ac830287a6a1af5102497c474c4664dc9573aa2cc5a55a0a67bf8bc473b0924cc515ed605304e815d95437e6912ab60
- SSDEEP
  
  49152:WviI22SsaNYfdPBldt698dBcjH8iRJ65bR3LoGdjTHHB72eh2NT:Wvv22SsaNYfdPBldt6+dBcjH8iRJ67
Score

10^/10

quasar slave spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarslavespywaretrojan

behavioral2

quasarslavespywaretrojan

© 2018-2024

Terms | Privacy