quasar | 90e6021564d45d877555674a8e44ea83fdac8d4c58d50cec72f068c608c18aab | Triage

Submit
Reports

Overview

overview

Static

static

90e6021564...ab.exe

windows7-x64

90e6021564...ab.exe

windows10-2004-x64

Sharing

General

Target

90e6021564d45d877555674a8e44ea83fdac8d4c58d50cec72f068c608c18aab
Size

3.1MB
Sample

240331-3ygngsgb32
MD5

cb9d96470528dad492231fcdf0925086
SHA1

c9c556cabeaa09e24d999fc5d597999a5e0c164d
SHA256

90e6021564d45d877555674a8e44ea83fdac8d4c58d50cec72f068c608c18aab
SHA512

121fd90e09ff59ad056bc15c8c9b90db9298c8a9606a61d20153031bd083ea9df51b8d8c6c34cfb61e8cd6e385bdbe426eeb4c6a85ca87ddea06c7bb3af15a3c
SSDEEP

49152:PvRuf2NUaNmwzPWlvdaKM7ZxTwcQJ+3lmZIXoG/PTHHB72eh2NT:Pvsf2NUaNmwzPWlvdaB7ZxTw1J+3z

Score

10^/10

quasar slave spyware trojan

Static task

static1

6 signatures

Behavioral task

behavioral1

Sample

90e6021564d45d877555674a8e44ea83fdac8d4c58d50cec72f068c608c18aab.exe

Resource

win7-20240221-en

quasar slave spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

90e6021564d45d877555674a8e44ea83fdac8d4c58d50cec72f068c608c18aab.exe

Resource

win10v2004-20240319-en

quasar slave spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Slave

C2

140.238.91.110:38899

uk2.localto.net:38899:38899

Mutex

276d9dc6-b19c-4958-8ac3-89586bd3b515

Attributes

encryption_key
ABCF70C37D1A79A01712038122D1532DF20DF72A
install_name
Client.exe
log_directory
Error Logs
reconnect_delay
3000
startup_key
WOS64
subdirectory
Windows

Targets

- Target
  
  90e6021564d45d877555674a8e44ea83fdac8d4c58d50cec72f068c608c18aab
- Size
  
  3.1MB
- MD5
  
  cb9d96470528dad492231fcdf0925086
- SHA1
  
  c9c556cabeaa09e24d999fc5d597999a5e0c164d
- SHA256
  
  90e6021564d45d877555674a8e44ea83fdac8d4c58d50cec72f068c608c18aab
- SHA512
  
  121fd90e09ff59ad056bc15c8c9b90db9298c8a9606a61d20153031bd083ea9df51b8d8c6c34cfb61e8cd6e385bdbe426eeb4c6a85ca87ddea06c7bb3af15a3c
- SSDEEP
  
  49152:PvRuf2NUaNmwzPWlvdaKM7ZxTwcQJ+3lmZIXoG/PTHHB72eh2NT:Pvsf2NUaNmwzPWlvdaB7ZxTw1J+3z
Score

10^/10

quasar slave spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarslavespywaretrojan

behavioral2

quasarslavespywaretrojan

© 2018-2024

Terms | Privacy