quasar | 7f9d6d2c44bc60b7bef2e9b8f1ec7bd1eb80a1f5afb70149c43bfe71303379a8 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240512-scftysbd5z
MD5

4801342f49901b8edeb8a1cb7ce58a5d
SHA1

3f9682bf26530588fc93eb6b1bba40e00dc33320
SHA256

7f9d6d2c44bc60b7bef2e9b8f1ec7bd1eb80a1f5afb70149c43bfe71303379a8
SHA512

37d074b96fe0d729ba2bdd27b976655448df89c2dc5461018e57ff0cb4b26f7a3c2795069feea0831f32b434dfdf5c84df231948064064fd809de21f4260cb6e
SSDEEP

49152:6vVt62XlaSFNWPjljiFa2RoUYIjjxNESEHk/iALoGd6THHB72eh2NT:6vn62XlaSFNWPjljiFXRoUYIfxae

Score

10^/10

quasar alp-kanka spyware trojan

Static task

static1

alp-kanka quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20240419-en

quasar alp-kanka spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20240508-en

quasar alp-kanka spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

alp-kanka

C2

192.168.1.1:4782

Mutex

b4948b57-2f19-4a16-98ad-5a89f56f9f24

Attributes

encryption_key
A09E26E97179D914C9A83695E0FF3065AD4BE793
install_name
jV9QKlmn9O.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Spotify
subdirectory
Client

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  4801342f49901b8edeb8a1cb7ce58a5d
- SHA1
  
  3f9682bf26530588fc93eb6b1bba40e00dc33320
- SHA256
  
  7f9d6d2c44bc60b7bef2e9b8f1ec7bd1eb80a1f5afb70149c43bfe71303379a8
- SHA512
  
  37d074b96fe0d729ba2bdd27b976655448df89c2dc5461018e57ff0cb4b26f7a3c2795069feea0831f32b434dfdf5c84df231948064064fd809de21f4260cb6e
- SSDEEP
  
  49152:6vVt62XlaSFNWPjljiFa2RoUYIjjxNESEHk/iALoGd6THHB72eh2NT:6vn62XlaSFNWPjljiFXRoUYIfxae
Score

10^/10

quasar alp-kanka spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

alp-kankaquasar

behavioral1

quasaralp-kankaspywaretrojan

behavioral2

quasaralp-kankaspywaretrojan

© 2018-2024

Terms | Privacy