quasar | cc3c38fdbee488c38a9b02ddffa45daeae772b39fab015d2919e4254cc98d265

General

Target

SteamFixer.bat
Size

1.8MB
Sample

240512-v131habb59
MD5

5fec429b3199a0a1a80641b4ad36038e
SHA1

7bf0ec7986d34c00258abb832dec9b04198e3f9a
SHA256

cc3c38fdbee488c38a9b02ddffa45daeae772b39fab015d2919e4254cc98d265
SHA512

cd62e1b154ca822543aaaa1250c2f61220d66507b0fd531dd2e56aadc73053ba00bd893e55d11135a6fe7aa166a8e80087038dc74a5f9ff256b0812b4de4cc0c
SSDEEP

24576:gZejbH1GKwNUfuuzANOANVQ6AZ7PekjzU7tCOkaF4Ui/khlEGLfskhaoONK8Ggrv:gSOwWpNVQBK413/Mu518sx

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Shiba

C2

address-penetration.gl.at.ply.gg:46802

Mutex

c781d19d-001c-4ffe-ab22-07398f82437d

Attributes

encryption_key
A88D7FED7F655EBDC4F99C21BAE5EC62300AADC7
install_name
$sxr-insta.exe
log_directory
$sxr-logs
reconnect_delay
1000
startup_key
$sxr-mstha
subdirectory
$sxr-start

Targets

- Target
  
  SteamFixer.bat
- Size
  
  1.8MB
- MD5
  
  5fec429b3199a0a1a80641b4ad36038e
- SHA1
  
  7bf0ec7986d34c00258abb832dec9b04198e3f9a
- SHA256
  
  cc3c38fdbee488c38a9b02ddffa45daeae772b39fab015d2919e4254cc98d265
- SHA512
  
  cd62e1b154ca822543aaaa1250c2f61220d66507b0fd531dd2e56aadc73053ba00bd893e55d11135a6fe7aa166a8e80087038dc74a5f9ff256b0812b4de4cc0c
- SSDEEP
  
  24576:gZejbH1GKwNUfuuzANOANVQ6AZ7PekjzU7tCOkaF4Ui/khlEGLfskhaoONK8Ggrv:gSOwWpNVQBK413/Mu518sx
Score

10^/10

quasar shiba execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2