quasar | 1f1ad9c1f639326946f39129cb9ff5015669a0a3dd9e21db07163fb48cb6b709

Sharing

Copy URL

Twitter E-mail

General

Target

ZenStudio.exe
Size

17.2MB
Sample

240503-wfdesafa77
MD5

2b8322f747ed7623d698c524ccf2ea16
SHA1

fae3a00cd6334cee7e793aa6bb56bffc45c0bca0
SHA256

1f1ad9c1f639326946f39129cb9ff5015669a0a3dd9e21db07163fb48cb6b709
SHA512

e1a3070b760cd7999339a21e72618b7614c1b26bf5b2acbbdfd45c27eb115d0d566fa5d835cf505d274025366a2a474450bd49b3607340cf52731c7f26e784e4
SSDEEP

393216:DaLCsFu4++WuIuffxPvMFQFgs20pHOMOv59/dWnnETyNS0yRMtEX:DaBIETfMMuMWHlo9vyrX

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

192.168.1.116:4782

Mutex

f55cb366-2131-4b43-b653-b1dfe19ea719

Attributes

encryption_key
2209A46D68E2D7B07274489E0B5E4FBE909ACAFC
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Update
subdirectory
SubDir

Targets

- Target
  
  ZenStudio.exe
- Size
  
  17.2MB
- MD5
  
  2b8322f747ed7623d698c524ccf2ea16
- SHA1
  
  fae3a00cd6334cee7e793aa6bb56bffc45c0bca0
- SHA256
  
  1f1ad9c1f639326946f39129cb9ff5015669a0a3dd9e21db07163fb48cb6b709
- SHA512
  
  e1a3070b760cd7999339a21e72618b7614c1b26bf5b2acbbdfd45c27eb115d0d566fa5d835cf505d274025366a2a474450bd49b3607340cf52731c7f26e784e4
- SSDEEP
  
  393216:DaLCsFu4++WuIuffxPvMFQFgs20pHOMOv59/dWnnETyNS0yRMtEX:DaBIETfMMuMWHlo9vyrX
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1
- Target
  
  $PLUGINSDIR/DotNetChecker.dll
- Size
  
  95KB
- MD5
  
  90707abc35ad1a925b128527ac974989
- SHA1
  
  47d0d433e513f0cceccb23b2522c7bc82d634691
- SHA256
  
  8c1879e3e0855e6c22134b8cbb0986b97eb270fdddf8536be2afa18aa9344a4d
- SHA512
  
  7cb2cce6c63210fe9abb2ba5d4e0e2a130f2c3c69ab02502d68e427a3d02b8822dbfbdc132899806f31740f44023922d3815629ab051aa01b5d829a419dd7f31
- SSDEEP
  
  1536:ak08SEy8YXsNZHPj08Ohealn/NJy1Y7WhdHNwbsW/Bcdhuh4P6a8QJ:vSEy8tj08OhB/NcHyRwhi4P67QJ
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  d095b082b7c5ba4665d40d9c5042af6d
- SHA1
  
  2220277304af105ca6c56219f56f04e894b28d27
- SHA256
  
  b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
- SHA512
  
  61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
- SSDEEP
  
  192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/SelfDel.dll
- Size
  
  5KB
- MD5
  
  e5786e8703d651bc8bd4bfecf46d3844
- SHA1
  
  fee5aa4b325deecbf69ccb6eadd89bd5ae59723f
- SHA256
  
  d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774
- SHA512
  
  d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3
- SSDEEP
  
  96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  a8c86996c4230c2209f5927f21321377
- SHA1
  
  45ce0ab93cb6a3a594e54878cce05df724024393
- SHA256
  
  110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855
- SHA512
  
  69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3
- SSDEEP
  
  96:mIt3J2Gl0eVe0+Cfo0UkXt6+o69UiGdPh5/utta/23lkCTcaqHCI:bhE+A0+sF6piUFkAylncviI
Score

3^/10
behavioral5
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral6
- Target
  
  $PLUGINSDIR/nsisdl.dll
- Size
  
  15KB
- MD5
  
  05f72d6a944e701217ef2eb2cc13e0ee
- SHA1
  
  fac99c39150ae484e4b3e0af2f4be86bb1835dde
- SHA256
  
  aab28914794a1cdda4561e9f2af3e006dbed220d9d6bfe049b56d0cb9b783648
- SHA512
  
  c87e783fc169ef01ac0d3ce29fbfbf349a2e22329df9203a1443cc2caebbe7f8282c0754740289ecca534951cb7e574bafef9ccbaa0da7c287109920ec9573eb
- SSDEEP
  
  384:hRy180+1ygVaLfKgcIno1gEBWZwCUKihb:hRy180+HSegEBWyQih
Score

3^/10
behavioral7
- Target
  
  ZenStudio.exe
- Size
  
  19.6MB
- MD5
  
  1fae469528fcc28ec48eb939b39f8a69
- SHA1
  
  21f3642dbc8a5b7bd60cd285490f119aacdaa1a8
- SHA256
  
  49e2e48406ae2b43df1e04c20c2fd13b9b25d7d16eb07bfe268f471ee755208c
- SHA512
  
  16eb03db6c71770be6b142949f1eaee6ffd5839543d781b8870455cde089db643538c3ed12c2e03da43ec1e4a71ed0454343e23915a2ead9dcb0ff09432f17c1
- SSDEEP
  
  393216:vM13RE6vuMqY6WIm9FzFfKTIX8g2JnniEMbvJBvoFzENUZM2Ez05Ts:vM13BmS7FYniEGRliNFE8s
Score

1^/10
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

ACProtect 1.3x - 1.4x DLL software

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8