quasar | dbc30b002dad39a45fdd36c509d854dc931662235886f01ec149cd8cf904ddb5 | Triage

Submit
Reports

Overview

overview

Static

static

ArgonOSINT.exe

windows10-2004-x64

Resubmissions

04-05-2024 05:10

240504-ft619aea3y 10

04-05-2024 05:06

240504-frlbrsdh81 10

Sharing

General

Target

ArgonOSINT.exe
Size

409KB
Sample

240504-ft619aea3y
MD5

c4f70954d48c8653fde31fc63c619fc8
SHA1

c2fe0bc4eab66f6cbf19ab3a80817eba8084982e
SHA256

dbc30b002dad39a45fdd36c509d854dc931662235886f01ec149cd8cf904ddb5
SHA512

1a0db425192d25f1e96ac43a5ae18ff530ef11e2f1526fd6677f4b82b04e212679c347f5647be0d72665e2f587c2824b19d2104c48546eb049ae27fb7470defc
SSDEEP

12288:UpyJcC+x6AoV5l+6KprKF/UV6u4W0pDs:kwd+mDsV6u4g

Score

10^/10

quasar slave spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ArgonOSINT.exe

Resource

win10v2004-20240419-en

quasar slave spyware trojan

windows10-2004-x64

14 signatures

600 seconds

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

Slave

C2

even-lemon.gl.at.ply.gg:33587

Mutex

$Sxr-3vDee7FzoJnhqjuE3n

Attributes

encryption_key
BfQu2aop09VkjugTkmuc
install_name
$sxr-powershell.exe
log_directory
Logs
reconnect_delay
1000
startup_key
$sxr-powershell
subdirectory
Windows

Targets

- Target
  
  ArgonOSINT.exe
- Size
  
  409KB
- MD5
  
  c4f70954d48c8653fde31fc63c619fc8
- SHA1
  
  c2fe0bc4eab66f6cbf19ab3a80817eba8084982e
- SHA256
  
  dbc30b002dad39a45fdd36c509d854dc931662235886f01ec149cd8cf904ddb5
- SHA512
  
  1a0db425192d25f1e96ac43a5ae18ff530ef11e2f1526fd6677f4b82b04e212679c347f5647be0d72665e2f587c2824b19d2104c48546eb049ae27fb7470defc
- SSDEEP
  
  12288:UpyJcC+x6AoV5l+6KprKF/UV6u4W0pDs:kwd+mDsV6u4g
Score

10^/10

quasar slave spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarslavespywaretrojan

© 2018-2024

Terms | Privacy