quasar | defe3d66f022bc223894b56b30aa6075f1341b700d256ab795f95088bae1f7c1 | Triage

Submit
Reports

Overview

overview

Static

static

fc5416311f...18.exe

windows7-x64

fc5416311f...18.exe

windows10-2004-x64

Sharing

General

Target

fc5416311f5e64294d3033abef2ae5d7_JaffaCakes118
Size

3.9MB
Sample

240420-j8as5scd52
MD5

fc5416311f5e64294d3033abef2ae5d7
SHA1

d57361cdd2e1e5cd9c1ab64ba6fa20e977dc3efe
SHA256

defe3d66f022bc223894b56b30aa6075f1341b700d256ab795f95088bae1f7c1
SHA512

c0b41a9630ab63d802d2949fb8e0e2865da62d69bda880dbee3fd31368009f787ffac6b4d5edff5422d0ab66d0040221309447af1d87d4bff1bc0e6da70bb0ee
SSDEEP

98304:3CFNQ00DlHJb9fhTkmYpYNuSZTKA0t9FFPEC8HOolPsliHLhg3arcO8GkfhUcZtI:3CFNQ00DlHJb9fhTkmY6bk9fchHOolPv

Score

10^/10

quasar venom client spyware trojan

Static task

static1

venom client quasar

3 signatures

Behavioral task

behavioral1

Sample

fc5416311f5e64294d3033abef2ae5d7_JaffaCakes118.exe

Resource

win7-20240220-en

quasar venom client spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc5416311f5e64294d3033abef2ae5d7_JaffaCakes118.exe

Resource

win10v2004-20240412-en

quasar venom client spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

2.6.0.0

Botnet

Venom Client

C2

127.0.0.1:4782

192.168.1.154:4782

Mutex

u1Cabu0SD85QXhFG45

Attributes

encryption_key
PhBvMV17IAAI7PAlZTmm
install_name
Venom.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Venom Client Startup

Targets

- Target
  
  fc5416311f5e64294d3033abef2ae5d7_JaffaCakes118
- Size
  
  3.9MB
- MD5
  
  fc5416311f5e64294d3033abef2ae5d7
- SHA1
  
  d57361cdd2e1e5cd9c1ab64ba6fa20e977dc3efe
- SHA256
  
  defe3d66f022bc223894b56b30aa6075f1341b700d256ab795f95088bae1f7c1
- SHA512
  
  c0b41a9630ab63d802d2949fb8e0e2865da62d69bda880dbee3fd31368009f787ffac6b4d5edff5422d0ab66d0040221309447af1d87d4bff1bc0e6da70bb0ee
- SSDEEP
  
  98304:3CFNQ00DlHJb9fhTkmYpYNuSZTKA0t9FFPEC8HOolPsliHLhg3arcO8GkfhUcZtI:3CFNQ00DlHJb9fhTkmY6bk9fchHOolPv
Score

10^/10

quasar venom client spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

venom clientquasar

behavioral1

quasarvenom clientspywaretrojan

behavioral2

quasarvenom clientspywaretrojan

© 2018-2024

Terms | Privacy