quasar | 0d9c35b3d2445b75ac03e8262eaf8e3d33bbff847117c258e7e9004a939f98ac | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240325-ss54saee21
MD5

822e048463d403ce46d088632c7cde79
SHA1

3a0163ddc68971a0b6d320bfaaa5f822f9f72723
SHA256

0d9c35b3d2445b75ac03e8262eaf8e3d33bbff847117c258e7e9004a939f98ac
SHA512

153cf9fb14000c5fffe63d2e53d476afa7e9aa1093dec48b4bb916bfd60bdb5073560defaa008b233531e7144931b0a13f01fd733884adb7b7c849b5758a7b94
SSDEEP

49152:evBt62XlaSFNWPjljiFa2RoUYIBFqJaBxFroGdrTHHB72eh2NT:evr62XlaSFNWPjljiFXRoUYIBgJk

Score

10^/10

quasar test spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20240221-en

quasar test spyware trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20240319-en

quasar test spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

test

C2

192.168.1.42:4444

Mutex

4b03e5df-6c5c-4839-9fd6-36ef4d0ed7a7

Attributes

encryption_key
D005DC9DC709AD88D212092A2FA8D08A138AAA86
install_name
winreset.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Update
subdirectory
Boot

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  822e048463d403ce46d088632c7cde79
- SHA1
  
  3a0163ddc68971a0b6d320bfaaa5f822f9f72723
- SHA256
  
  0d9c35b3d2445b75ac03e8262eaf8e3d33bbff847117c258e7e9004a939f98ac
- SHA512
  
  153cf9fb14000c5fffe63d2e53d476afa7e9aa1093dec48b4bb916bfd60bdb5073560defaa008b233531e7144931b0a13f01fd733884adb7b7c849b5758a7b94
- SSDEEP
  
  49152:evBt62XlaSFNWPjljiFa2RoUYIBFqJaBxFroGdrTHHB72eh2NT:evr62XlaSFNWPjljiFXRoUYIBgJk
Score

10^/10

quasar test spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasartestspywaretrojan

behavioral2

quasartestspywaretrojan

© 2018-2024

Terms | Privacy