quasar | a3f7f2ee70b5d3b3e04bfa55949327cb2699aa454f22011bb824ebb5a26fdbf9 | Triage

Submit
Reports

Overview

overview

Static

static

3

Loader.exe

windows10-2004-x64

Sharing

General

Target

Loader.exe
Size

25.9MB
Sample

240428-2rae6abd9w
MD5

782550d7758ae90927c850481938a784
SHA1

ec22beb95436c052dc7ae7d9acf227a96bb005bc
SHA256

a3f7f2ee70b5d3b3e04bfa55949327cb2699aa454f22011bb824ebb5a26fdbf9
SHA512

091400ef702f9f6ba2025cb6736833ebe119c91bf9d68b4f3bcf4428266bba63e1368a9aeca6c283795eacdbfeda98e1e33b5c4a935ecd52c6e2a9ccd653c757
SSDEEP

393216:dPWf2uN+JP8PwyqqHwkeY3HnFwKlY3+DbkU0bUf4fetjhoynGycGhuVretCwLzvb:dPDGqqHwkx2K23+DuUwfyj9b5Uvqb

Score

10^/10

quasar xmrig spoofer evasion miner persistence spyware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Loader.exe

Resource

win10v2004-20240426-en

quasar xmrig spoofer evasion miner persistence spyware trojan upx

windows10-2004-x64

26 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

spoofer

C2

192.168.1.9:4782

47.13.251.179:4782

Mutex

a3394281-6ed5-43a7-afb3-ef307491a25e

Attributes

encryption_key
1D21D2117C53149BFE9297D912388D2A8EE0417B
install_name
Graphics.exe
log_directory
l
reconnect_delay
3000
startup_key
AMD
subdirectory
AMD

Targets

- Target
  
  Loader.exe
- Size
  
  25.9MB
- MD5
  
  782550d7758ae90927c850481938a784
- SHA1
  
  ec22beb95436c052dc7ae7d9acf227a96bb005bc
- SHA256
  
  a3f7f2ee70b5d3b3e04bfa55949327cb2699aa454f22011bb824ebb5a26fdbf9
- SHA512
  
  091400ef702f9f6ba2025cb6736833ebe119c91bf9d68b4f3bcf4428266bba63e1368a9aeca6c283795eacdbfeda98e1e33b5c4a935ecd52c6e2a9ccd653c757
- SSDEEP
  
  393216:dPWf2uN+JP8PwyqqHwkeY3HnFwKlY3+DbkU0bUf4fetjhoynGycGhuVretCwLzvb:dPDGqqHwkx2K23+DuUwfyj9b5Uvqb
Score

10^/10

quasar xmrig spoofer evasion miner persistence spyware trojan upx
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarxmrigspooferevasionminerpersistencespywaretrojanupx

© 2018-2024

Terms | Privacy