quasar | 7b2999ffadbc3b5b5c5e94145ca4e2f8de66ac1e3ddd5228c98b16bbc716793f | Triage

Submit
Reports

Overview

overview

Static

static

3

f1d107abe5...18.exe

windows7-x64

f1d107abe5...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f1d107abe525f851b39938b133ab53de_JaffaCakes118
Size

2.7MB
Sample

240415-ytwjmahb8y
MD5

f1d107abe525f851b39938b133ab53de
SHA1

687bdbaf20f0f86074c7cad7fc395d9108e3aca4
SHA256

7b2999ffadbc3b5b5c5e94145ca4e2f8de66ac1e3ddd5228c98b16bbc716793f
SHA512

e73f1930a76fbe43e50a7d14a13cff53f04358742ab90c1f718d54512087abf503cdb9babd57f5b3c70427dff9ab1889fcf9a6c46b469cf68f3630b2289d92a5
SSDEEP

49152:m84LQ4LUybE7BS0ulH1wi8PgTuLKATfCwUbUxzR1L972qvJ:m5Q4vbEy1QISPCbUxzRJVJ

Score

10^/10

quasar spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f1d107abe525f851b39938b133ab53de_JaffaCakes118.exe

Resource

win7-20240221-en

quasar spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f1d107abe525f851b39938b133ab53de_JaffaCakes118.exe

Resource

win10v2004-20240412-en

quasar spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  f1d107abe525f851b39938b133ab53de_JaffaCakes118
- Size
  
  2.7MB
- MD5
  
  f1d107abe525f851b39938b133ab53de
- SHA1
  
  687bdbaf20f0f86074c7cad7fc395d9108e3aca4
- SHA256
  
  7b2999ffadbc3b5b5c5e94145ca4e2f8de66ac1e3ddd5228c98b16bbc716793f
- SHA512
  
  e73f1930a76fbe43e50a7d14a13cff53f04358742ab90c1f718d54512087abf503cdb9babd57f5b3c70427dff9ab1889fcf9a6c46b469cf68f3630b2289d92a5
- SSDEEP
  
  49152:m84LQ4LUybE7BS0ulH1wi8PgTuLKATfCwUbUxzR1L972qvJ:m5Q4vbEy1QISPCbUxzRJVJ
Score

10^/10

quasar spyware stealer trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarspywarestealertrojan

behavioral2

quasarspywarestealertrojan

© 2018-2025

Terms | Privacy