quasar | 376ecc6bbf3db6782f5548c1d58c5c1a72146f684f395fa6e40253db10834546 | Triage

Submit
Reports

Overview

overview

Static

static

1

Uni.bat

windows7-x64

1

Uni.bat

windows10-2004-x64

Sharing

General

Target

Uni.bat
Size

5.1MB
Sample

240325-lspcpsfe2x
MD5

23437e2baad94ab4255396007b06b3eb
SHA1

ebd04f77aa36f67a48e855601e31424b4547228d
SHA256

376ecc6bbf3db6782f5548c1d58c5c1a72146f684f395fa6e40253db10834546
SHA512

5d888ba40f8c63a1e8e18f8c152d5ed6aca400455982ee615712dff80ba4fbe719c86c6b7a44227275548cbff75cc23326902b9b2c9c4fa8e9ccb26c89f83589
SSDEEP

24576:bQcksZhAsxYu9bEUt4Qa1CFQa5Z4tp5ljbjvGr2BBgfretKRxMp+hrQB0eJM2a8V:kSbESV0MFJnGRfrnQwsxZLHC

Score

10^/10

quasar slave spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Uni.bat

Resource

win7-20240221-en

windows7-x64

0 signatures

60 seconds

Behavioral task

behavioral2

Sample

Uni.bat

Resource

win10v2004-20240226-en

quasar slave spyware trojan

windows10-2004-x64

12 signatures

60 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Slave

C2

140.238.91.110:34353

Mutex

25ab9d56-6ef2-47d3-99aa-2142fbcd41fa

Attributes

encryption_key
8E710985199C6BF86CCE90DA92448A36E2F45F51
install_name
XWormV5.6.exe
log_directory
WindowsUPDLogs
reconnect_delay
3000
startup_key
Windows BIOS Update Checker
subdirectory
SubDir

Targets

- Target
  
  Uni.bat
- Size
  
  5.1MB
- MD5
  
  23437e2baad94ab4255396007b06b3eb
- SHA1
  
  ebd04f77aa36f67a48e855601e31424b4547228d
- SHA256
  
  376ecc6bbf3db6782f5548c1d58c5c1a72146f684f395fa6e40253db10834546
- SHA512
  
  5d888ba40f8c63a1e8e18f8c152d5ed6aca400455982ee615712dff80ba4fbe719c86c6b7a44227275548cbff75cc23326902b9b2c9c4fa8e9ccb26c89f83589
- SSDEEP
  
  24576:bQcksZhAsxYu9bEUt4Qa1CFQa5Z4tp5ljbjvGr2BBgfretKRxMp+hrQB0eJM2a8V:kSbESV0MFJnGRfrnQwsxZLHC
Score

10^/10

quasar slave spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

quasarslavespywaretrojan

© 2018-2024

Terms | Privacy