quasar | 08f02ffe7eeff88badfd144cf74b3b3fbd7319b1c31f6f72b7aeda5613020bbc | Triage

Submit
Reports

Overview

overview

Static

static

Client.exe

windows7-x64

Client.exe

windows10-2004-x64

Sharing

General

Target

Client.exe
Size

3.1MB
Sample

240513-vazkdsed9y
MD5

f4d2c8d8d68a3498b8c35174f5f30aa8
SHA1

c0122df8b964874689ef0b22846719af39c02713
SHA256

08f02ffe7eeff88badfd144cf74b3b3fbd7319b1c31f6f72b7aeda5613020bbc
SHA512

14bbc1dfda168567392cac4311279ea9271d531f143fe5e5c015d509829dff4312ea45b413111a507f0f1baa8037ec6c98a0be09a38dd6f5f22e90768fb3ae8b
SSDEEP

49152:agwNiXIBaIGNydScbKPLhtJ6IX2cCDXsch9HHBE2VhGNT:Hci4BjScb+FtoIX2R

Score

10^/10

quasar spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client.exe

Resource

win7-20240221-en

quasar spyware trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client.exe

Resource

win10v2004-20240508-en

quasar spyware trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
5000

Targets

- Target
  
  Client.exe
- Size
  
  3.1MB
- MD5
  
  f4d2c8d8d68a3498b8c35174f5f30aa8
- SHA1
  
  c0122df8b964874689ef0b22846719af39c02713
- SHA256
  
  08f02ffe7eeff88badfd144cf74b3b3fbd7319b1c31f6f72b7aeda5613020bbc
- SHA512
  
  14bbc1dfda168567392cac4311279ea9271d531f143fe5e5c015d509829dff4312ea45b413111a507f0f1baa8037ec6c98a0be09a38dd6f5f22e90768fb3ae8b
- SSDEEP
  
  49152:agwNiXIBaIGNydScbKPLhtJ6IX2cCDXsch9HHBE2VhGNT:Hci4BjScb+FtoIX2R
Score

10^/10

quasar spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarspywaretrojan

behavioral2

quasarspywaretrojan

© 2018-2024

Terms | Privacy