quasar | 36e9de882ef9c44bf0b55c230ae42233a142f5d416c114221b6bc6db2eb8d9db | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240515-l11eyacb71
MD5

a5ec52e235b51b62737775708aa75b41
SHA1

2fb3d2b31ec5cc4f81d8000ab73e1c42e56d9696
SHA256

36e9de882ef9c44bf0b55c230ae42233a142f5d416c114221b6bc6db2eb8d9db
SHA512

c89a016cae8e27bbc080300834410e72c00279ea74004f52c1c82bb5293c3abdda0b0aa5634b3157cd88bc81acadeeb4e8114789d0dd292273a3d2871ba094dd
SSDEEP

49152:Wv+I22SsaNYfdPBldt698dBcjHR3DkE2HLk/+FMoGdECTHHB72eh2NT:Wvz22SsaNYfdPBldt6+dBcjHR3DMq0

Score

10^/10

quasar final spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20240221-en

quasar final spyware trojan

windows7-x64

7 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20240508-en

quasar final spyware trojan

windows10-2004-x64

13 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

FINAL

C2

192.168.1.3:4782

0.tcp.ap.ngrok.io:19777

Mutex

07349335-02d4-4e1c-9997-b1ec2161a0e1

Attributes

encryption_key
DE496BF144B8EBE8F8D89996CC77BEE88B0F6BCB
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
GET FUCKED
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  a5ec52e235b51b62737775708aa75b41
- SHA1
  
  2fb3d2b31ec5cc4f81d8000ab73e1c42e56d9696
- SHA256
  
  36e9de882ef9c44bf0b55c230ae42233a142f5d416c114221b6bc6db2eb8d9db
- SHA512
  
  c89a016cae8e27bbc080300834410e72c00279ea74004f52c1c82bb5293c3abdda0b0aa5634b3157cd88bc81acadeeb4e8114789d0dd292273a3d2871ba094dd
- SSDEEP
  
  49152:Wv+I22SsaNYfdPBldt698dBcjHR3DkE2HLk/+FMoGdECTHHB72eh2NT:Wvz22SsaNYfdPBldt6+dBcjHR3DMq0
Score

10^/10

quasar final spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarfinalspywaretrojan

behavioral2

quasarfinalspywaretrojan

© 2018-2024

Terms | Privacy