quasar | e951c4694fedf30ab2463006ca6364d953a020f32857a7bf441c80bce46a73ed | Triage

Submit
Reports

Overview

overview

Static

static

Uni.exe

windows11-21h2-x64

Sharing

General

Target

Uni.exe
Size

409KB
Sample

240512-jha18aac67
MD5

6cec585594fad8992c606c767265614d
SHA1

741c9fec10c9456c788201c00b13f394f9f6e11e
SHA256

e951c4694fedf30ab2463006ca6364d953a020f32857a7bf441c80bce46a73ed
SHA512

729caa5cce238f31e577e24007c00313cdc94473bde3b8077f97bfca51325aa3b4ebda7d0006ae6e1ff4e7d485b93564e4fa20ef65a090c6ad7e2d04d9445930
SSDEEP

6144:+MfPp5S6M1Xy03BSt2ECdEchMTFqBXgJbWx01ES3kWYrMLQs+b:Ppg6M1iiBSt2httgTmzWXLub

Score

10^/10

quasar seroxen spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Uni.exe

Resource

win11-20240508-en

quasar seroxen spyware trojan

windows11-21h2-x64

19 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

SeroXen

C2

worth-quite.gl.at.ply.gg:45360

Mutex

$Sxr-xPAuDxLNyBmZ7S2WLJ

Attributes

encryption_key
SRcRVh1P6Odn0t1vhXSZ
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SeroXen
subdirectory
SubDir

Targets

- Target
  
  Uni.exe
- Size
  
  409KB
- MD5
  
  6cec585594fad8992c606c767265614d
- SHA1
  
  741c9fec10c9456c788201c00b13f394f9f6e11e
- SHA256
  
  e951c4694fedf30ab2463006ca6364d953a020f32857a7bf441c80bce46a73ed
- SHA512
  
  729caa5cce238f31e577e24007c00313cdc94473bde3b8077f97bfca51325aa3b4ebda7d0006ae6e1ff4e7d485b93564e4fa20ef65a090c6ad7e2d04d9445930
- SSDEEP
  
  6144:+MfPp5S6M1Xy03BSt2ECdEchMTFqBXgJbWx01ES3kWYrMLQs+b:Ppg6M1iiBSt2httgTmzWXLub
Score

10^/10

quasar seroxen spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarseroxenspywaretrojan

© 2018-2024

Terms | Privacy