Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://ufile.io/510...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://ufile.io/5103n24a

  • Sample

    240415-cca1psbe63

Score
10/10
quasartestspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

test

C2

192.168.0.154:4782:4782

Mutex

8b0b296a-2bd1-4c60-add6-cc5c5a801d0b

Attributes
  • encryption_key

    328DC833931AA8688C087F214529DFB3D22905BF

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    windows

  • subdirectory

    SubDir

Targets

    • Target

      https://ufile.io/5103n24a

    Score
    10/10
    quasartestspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

5
T1012

System Information Discovery

5
T1082

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks