quasar | 7655e16003aa8856e7585f5d4b76d39f9e56b784442c9523d9f0b7b9c85b714b | Triage

Submit
Reports

Overview

overview

Static

static

1423a4be11...18.exe

windows7-x64

1423a4be11...18.exe

windows10-2004-x64

Sharing

General

Target

1423a4be112f647fe95730150a842627_JaffaCakes118
Size

348KB
Sample

240504-x3wqbabc44
MD5

1423a4be112f647fe95730150a842627
SHA1

ad705962c70d6d74afc7f69051c809240c1dc7d3
SHA256

7655e16003aa8856e7585f5d4b76d39f9e56b784442c9523d9f0b7b9c85b714b
SHA512

0df8a840711259c5026d20c069e45a996aa92e821ac870d0ae66760617e31ce5feecbdf3b03a16f3945b13df1279c1902c9a46c498b0b235217e127e49157cb0
SSDEEP

6144:b+NHXf500MwDjCTHYr1b8i4YunbL/zMoXDme:6d50sjGoP4YunHAoXDme

Score

10^/10

quasar slave spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1423a4be112f647fe95730150a842627_JaffaCakes118.exe

Resource

win7-20240215-en

quasar slave spyware trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1423a4be112f647fe95730150a842627_JaffaCakes118.exe

Resource

win10v2004-20240226-en

quasar slave spyware trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Slave

C2

134.209.192.40:4782

Mutex

QSR_MUTEX_k8JOK9yrF6X0eZEc1V

Attributes

encryption_key
Mx5vn03LCy6ul2fLffQw
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  1423a4be112f647fe95730150a842627_JaffaCakes118
- Size
  
  348KB
- MD5
  
  1423a4be112f647fe95730150a842627
- SHA1
  
  ad705962c70d6d74afc7f69051c809240c1dc7d3
- SHA256
  
  7655e16003aa8856e7585f5d4b76d39f9e56b784442c9523d9f0b7b9c85b714b
- SHA512
  
  0df8a840711259c5026d20c069e45a996aa92e821ac870d0ae66760617e31ce5feecbdf3b03a16f3945b13df1279c1902c9a46c498b0b235217e127e49157cb0
- SSDEEP
  
  6144:b+NHXf500MwDjCTHYr1b8i4YunbL/zMoXDme:6d50sjGoP4YunHAoXDme
Score

10^/10

quasar slave spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarslavespywaretrojan

behavioral2

quasarslavespywaretrojan

© 2018-2024

Terms | Privacy