quasar | d1d5f8c21e7111ca5a3a03d0fc6fed418af963d49b24980e1730057a5e5e8745 | Triage

Sharing

General

Target

dhm by @euvh.zip
Size

24.8MB
Sample

240329-adts4ach32
MD5

20cedc756914f99a7e89b9e0d1b3a55a
SHA1

4ea35fcae2d55c4d5fd4f6ac394bef6355802837
SHA256

d1d5f8c21e7111ca5a3a03d0fc6fed418af963d49b24980e1730057a5e5e8745
SHA512

11fb6f7ea4bea0b3136c6f8cda2b5ae0313fad37077041ee21cb53a85d6f0746f2bffada390a04fab135525d07715eaed91435b5a944f6ef1927c36a29af6182
SSDEEP

393216:EldCF56GQJuWH02ZercbS5F6Jqkdfuc0YAuCaeoivzWgxuSBGZ/IgSnnhDaVe:EldCWGTY0sbS5FaqOp0/OQ5uSlgcuVe

Score

10^/10

quasar pyinstaller spyware trojan

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  dhm/1st person.exe
- Size
  
  7.2MB
- MD5
  
  c28dce9187b335c57ce008c66e8518bc
- SHA1
  
  a6293563e4b65729a4d9e3fab00fd9039aabea1b
- SHA256
  
  809e6fa47c22d81331415148c7846c05e6a03243b247084b1569eb67dd35cc06
- SHA512
  
  ef9dd6d26e21c1730faee2ba10411ac77540de3a10b1706c4003185ace8988d53cad45ce8744e12c64de0e90bec00aa99c4d8647bd9994eb743c9c9f1a9407a2
- SSDEEP
  
  196608:Ibvq1W903eV4QtMToEuGxgh858F0ibfUxgABrbk9At8+:agW+eGQtMTozGxu8C0ibftzU
Score

7^/10
- Loads dropped DLL
behavioral1
- Target
  
  kiracro-toggle.pyc
- Size
  
  4KB
- MD5
  
  6863f2d5e67b8fb9ce28887af59502a3
- SHA1
  
  074412b918b27cce0afce518e48085edf565b410
- SHA256
  
  dabb5f6442383b2330a8f2ff49d7daab5a585aee2f322ec80e440d36542c2968
- SHA512
  
  cb9d5ec1b08f530f16d7af0c49c0029b5b91d941037ff15fbdf2eb72739425540cfe96a3fb9735a7d819bfbe06c784187be38f8a9841bf0206bbe05b8bf4c3b6
- SSDEEP
  
  96:s3np/CJjV15CCnDJ20s2xD7NGPoT+mMINRln:s3UV1sC920F7Uf+l
Score

3^/10
behavioral2
- Target
  
  dhm/3rd person.exe
- Size
  
  7.2MB
- MD5
  
  9037c91be43d1e7ca0fe56759181fc1d
- SHA1
  
  1e996fef03cb94f804f914bc11f81f4b90e014c6
- SHA256
  
  4e69d0cfd51010178ad5b5bba1da977cf1c324ce8b6acc80d76b8284ed25299b
- SHA512
  
  b8754528c4004c9dfd10b008ea43ae12965f91ae2e8d13dbdfb7af943eba970f0c817dcf110b539ea18277047ff27f6a9f77e9c7a95ea5d0d5b7471658525da0
- SSDEEP
  
  196608:fpLq1W903eV4QtMToEuGxgh858F0ibfUxgABrbk9At8+:BgW+eGQtMTozGxu8C0ibftzU
Score

7^/10
- Loads dropped DLL
behavioral3
- Target
  
  kiracro-toggle.pyc
- Size
  
  4KB
- MD5
  
  f86b6856d307e5dc2cbb21a6e0a3ac6b
- SHA1
  
  e42a0cee8682050da78f43baab3270c48e6c3e74
- SHA256
  
  5007d84253de6d6e9415f343825df58a6013103c3ad3dfc36ecae932448cca45
- SHA512
  
  089ed94595e11909ec78d8807f30899443109c3f6dc1af28e7e22edd8763b9f6b5a086d8a17e6ca82eb77c8e3dcc380d8f383a208a6d571e2b45f5cdae63493b
- SSDEEP
  
  96:s3np/CJjV15CCnDa0MIXvxDqOPBT+mMINuEln:s3UV1sC20jV8XEl
Score

3^/10
behavioral4
- Target
  
  dhm/requirements.bat
- Size
  
  15.5MB
- MD5
  
  60c6f3b002d9bc81aa993566ed1d4daf
- SHA1
  
  8b801703fe6e418cf59b50a46c21bf79b104ee8e
- SHA256
  
  a53d1740f3c14be4608db28590ef26264975d13d4cb7ff4fc823a3107798cf42
- SHA512
  
  9b2cb3ba41c21023453fff0a29b1dbd534ab87a6af1255fd5bd6e521bbacf617355dc17592f8b876e4d340494df1ef9efe268c6276d654f74ad2888e7d9df319
- SSDEEP
  
  49152:ttG1Kmdh/bGIPKdMdGB52bc0MIoW8mN+aNahOJDZQevDR+SEOzjm9d+SpUNKbkVq:P
Score

10^/10

quasar spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Deletes itself
- Executes dropped EXE
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

quasarspywaretrojan