quasar | 272aa33a3e9ff89993ba531faad69af778271e13cab169c863545fdef2a6e4f7 | Triage

Submit
Reports

Overview

overview

Static

static

SynapseX.r...ed.rar

windows11-21h2-x64

Sharing

General

Target

SynapseX.revamaped.rar
Size

160.0MB
Sample

240513-q8849sad34
MD5

3812a5893a2abdea718831baa062b718
SHA1

d92570b364fbb1632630f97d459833f76ec65807
SHA256

272aa33a3e9ff89993ba531faad69af778271e13cab169c863545fdef2a6e4f7
SHA512

9d2a64c840fb4f9e6053b5692fb792c5a9c822f1d46ca6a6317b4a77c6ae7539d3bd3c55593b06aba6ccf319697984f2467cdba2f8d2ec7851f9a59dea4b6f80
SSDEEP

3145728:mpzMB+crhy8Vm/7kNm6kUhA9DxSs8FpSHNnBBnPmKuLTtvfOw2T:mpQB+cD0/7DUh8LBBnPgXtZ2T

Score

10^/10

quasar windows update spyware trojan

Static task

static1

windows update quasar

3 signatures

Behavioral task

behavioral1

Sample

SynapseX.revamaped.rar

Resource

win11-20240426-en

quasar windows update spyware trojan

windows11-21h2-x64

13 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Windows Update

C2

espinyskibidi-29823.portmap.host:29823

Mutex

a94ba996-69af-4720-85e6-f4929c5eb0f8

Attributes

encryption_key
6F721445F7E0B1CF58980D84A9D49F4458D4EFD9
install_name
Update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Update Startup
subdirectory
Windows Update

Targets

- Target
  
  SynapseX.revamaped.rar
- Size
  
  160.0MB
- MD5
  
  3812a5893a2abdea718831baa062b718
- SHA1
  
  d92570b364fbb1632630f97d459833f76ec65807
- SHA256
  
  272aa33a3e9ff89993ba531faad69af778271e13cab169c863545fdef2a6e4f7
- SHA512
  
  9d2a64c840fb4f9e6053b5692fb792c5a9c822f1d46ca6a6317b4a77c6ae7539d3bd3c55593b06aba6ccf319697984f2467cdba2f8d2ec7851f9a59dea4b6f80
- SSDEEP
  
  3145728:mpzMB+crhy8Vm/7kNm6kUhA9DxSs8FpSHNnBBnPmKuLTtvfOw2T:mpQB+cD0/7DUh8LBBnPgXtZ2T
Score

10^/10

quasar windows update spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

windows updatequasar

behavioral1

quasarwindows updatespywaretrojan

© 2018-2024

Terms | Privacy