quasar | b7182ecea0be3db16dba21b00b2dba41f24bc6fe6a6f4b7131a4a420f5e139d0 | Triage

Submit
Reports

Overview

overview

Static

static

1

Loader.bat

windows11-21h2-x64

Sharing

General

Target

Loader.bat
Size

15.5MB
Sample

240428-zy16cahe8x
MD5

28423a8cfd1097bdbf64e841a2c8257a
SHA1

92fb218c0267e5060cb1153aab5f56f669561346
SHA256

b7182ecea0be3db16dba21b00b2dba41f24bc6fe6a6f4b7131a4a420f5e139d0
SHA512

11e47c5c300b24457254c3a2815c744c7dd3fdfaa038d36a5f1220dfe92b5c93ce646257d4105b5a40b83e64237781204db1446eaf413cbcd0f0119e25c0653f
SSDEEP

49152:tVEJF+mCi8R797l/kfuubQ6Pu3AnIVtL/3DuGs/se5Q0t2/Q7TSiRBlt1JtT6mrH:y

Score

10^/10

quasar spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Loader.bat

Resource

win11-20240419-en

quasar spyware trojan

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  Loader.bat
- Size
  
  15.5MB
- MD5
  
  28423a8cfd1097bdbf64e841a2c8257a
- SHA1
  
  92fb218c0267e5060cb1153aab5f56f669561346
- SHA256
  
  b7182ecea0be3db16dba21b00b2dba41f24bc6fe6a6f4b7131a4a420f5e139d0
- SHA512
  
  11e47c5c300b24457254c3a2815c744c7dd3fdfaa038d36a5f1220dfe92b5c93ce646257d4105b5a40b83e64237781204db1446eaf413cbcd0f0119e25c0653f
- SSDEEP
  
  49152:tVEJF+mCi8R797l/kfuubQ6Pu3AnIVtL/3DuGs/se5Q0t2/Q7TSiRBlt1JtT6mrH:y
Score

10^/10

quasar spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarspywaretrojan

© 2018-2024

Terms | Privacy