quasar | f86ebcd90755fdc28403d64a74ecb638fcae11d51888acca92975cc72902e2d5 | Triage

Sharing

General

Target

jstr-built.bat
Size

1.8MB
Sample

240417-atkv5agf26
MD5

6152646d22fa2dfddf47c46a854a04bb
SHA1

b0741da3d0cb9d00bc583e5acc11db419fd1de61
SHA256

f86ebcd90755fdc28403d64a74ecb638fcae11d51888acca92975cc72902e2d5
SHA512

9542dc77487b0abf82bbeff4fd09c35958344855c7825a4b2ce2ee6bd887eb584b7e1c6ea900b1210b130dd70184d5ca66f7a2de7e9e90ef85c403261841840c
SSDEEP

49152:lb7smSSlM/MByDVR/aFPxB0snxHsgfM+DLHeD:2

Score

10^/10

quasar slave spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Slave

C2

127.0.0.1:80

0.tcp.ngrok.io :19607

Mutex

569bd8bb-286e-475a-a912-45ea94f9c8b7

Attributes

encryption_key
1AF7C677BDE3B8255A8F16FC1CA9D8C708B5355F
install_name
system32 QC.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Update
subdirectory
Windows QC

Targets

- Target
  
  jstr-built.bat
- Size
  
  1.8MB
- MD5
  
  6152646d22fa2dfddf47c46a854a04bb
- SHA1
  
  b0741da3d0cb9d00bc583e5acc11db419fd1de61
- SHA256
  
  f86ebcd90755fdc28403d64a74ecb638fcae11d51888acca92975cc72902e2d5
- SHA512
  
  9542dc77487b0abf82bbeff4fd09c35958344855c7825a4b2ce2ee6bd887eb584b7e1c6ea900b1210b130dd70184d5ca66f7a2de7e9e90ef85c403261841840c
- SSDEEP
  
  49152:lb7smSSlM/MByDVR/aFPxB0snxHsgfM+DLHeD:2
Score

10^/10

quasar slave spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarslavespywaretrojan