quasar | 095ee3bb8d267202e56a78f491cc580e358d20f63f8456fe12db424b2ddc010e | Triage

Submit
Reports

Overview

overview

Static

static

1

ImageLogge...24.bat

windows7-x64

7

ImageLogge...24.bat

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ImageLogger Generator v2.24.bat
Size

12.6MB
Sample

240418-2nnhlsha44
MD5

ae574bd7f7a0002bea0d461a4aa23623
SHA1

0aac1c4a7a864e6e45e6268f13872d401827f3b3
SHA256

095ee3bb8d267202e56a78f491cc580e358d20f63f8456fe12db424b2ddc010e
SHA512

289380180a7c6d4023edc0387100876159be69363cd87394527544922a8a0a0ba5a4cd89ee68ff88934e8c218f220220cbfc736e63fb1692e649217965e70cb9
SSDEEP

49152:/eVfbDQ8+28jjGs/uX0lNU3FdeYbrLpm11yPrq3DRKs806GX/2C5ErXlf7/XJaLh:n

Score

10^/10

quasar zgrat rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

ImageLogger Generator v2.24.bat

Resource

win7-20240221-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ImageLogger Generator v2.24.bat

Resource

win10v2004-20240412-en

quasar zgrat rat spyware trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  ImageLogger Generator v2.24.bat
- Size
  
  12.6MB
- MD5
  
  ae574bd7f7a0002bea0d461a4aa23623
- SHA1
  
  0aac1c4a7a864e6e45e6268f13872d401827f3b3
- SHA256
  
  095ee3bb8d267202e56a78f491cc580e358d20f63f8456fe12db424b2ddc010e
- SHA512
  
  289380180a7c6d4023edc0387100876159be69363cd87394527544922a8a0a0ba5a4cd89ee68ff88934e8c218f220220cbfc736e63fb1692e649217965e70cb9
- SSDEEP
  
  49152:/eVfbDQ8+28jjGs/uX0lNU3FdeYbrLpm11yPrq3DRKs806GX/2C5ErXlf7/XJaLh:n
Score

10^/10

quasar zgrat rat spyware trojan
- Detect ZGRat V1
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarzgratratspywaretrojan

© 2018-2025

Terms | Privacy