quasar | 8168236516ecd464c7c004c1d824ace70932b9dd61c9e238256965c33f059583 | Triage

Submit
Reports

Overview

overview

Static

static

8168236516...83.exe

windows7-x64

8168236516...83.exe

windows10-2004-x64

Sharing

General

Target

8168236516ecd464c7c004c1d824ace70932b9dd61c9e238256965c33f059583
Size

3.1MB
Sample

240418-3x742sae48
MD5

c52e8cb313bd0e446cb9607636bbc6ec
SHA1

77d3ca1584e486528e39802449027cd9e8b08b83
SHA256

8168236516ecd464c7c004c1d824ace70932b9dd61c9e238256965c33f059583
SHA512

d8bdbad8a179c74f2479da58af5530782a1683e07ad656b91ee05b0b00daa8008d1e7143b34eae16ef6ef612e1f742832ae9b9167ac2286799075886d1a66a45
SSDEEP

49152:KvWI22SsaNYfdPBldt698dBcjHS5RJ6PbR3LoGdBTHHB72eh2NT:Kv722SsaNYfdPBldt6+dBcjHS5RJ6h

Score

10^/10

quasar victim spyware trojan

Static task

static1

6 signatures

Behavioral task

behavioral1

Sample

8168236516ecd464c7c004c1d824ace70932b9dd61c9e238256965c33f059583.exe

Resource

win7-20240319-en

quasar victim spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8168236516ecd464c7c004c1d824ace70932b9dd61c9e238256965c33f059583.exe

Resource

win10v2004-20240412-en

quasar victim spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

victim

C2

192.168.56.1:4782

Mutex

f887c652-41ce-4f9e-8a72-52676eb54001

Attributes

encryption_key
194B648FB0D06C59B36705385FF44BFC616F014E
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  8168236516ecd464c7c004c1d824ace70932b9dd61c9e238256965c33f059583
- Size
  
  3.1MB
- MD5
  
  c52e8cb313bd0e446cb9607636bbc6ec
- SHA1
  
  77d3ca1584e486528e39802449027cd9e8b08b83
- SHA256
  
  8168236516ecd464c7c004c1d824ace70932b9dd61c9e238256965c33f059583
- SHA512
  
  d8bdbad8a179c74f2479da58af5530782a1683e07ad656b91ee05b0b00daa8008d1e7143b34eae16ef6ef612e1f742832ae9b9167ac2286799075886d1a66a45
- SSDEEP
  
  49152:KvWI22SsaNYfdPBldt698dBcjHS5RJ6PbR3LoGdBTHHB72eh2NT:Kv722SsaNYfdPBldt6+dBcjHS5RJ6h
Score

10^/10

quasar victim spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvictimspywaretrojan

behavioral2

quasarvictimspywaretrojan

© 2018-2025

Terms | Privacy