quasar | 036ccf870c0c626dfab5ff245db67b961d6669af26c3694992b56271a4e979ea | Triage

Submit
Reports

Overview

overview

Static

static

3

4c2035a049...18.exe

windows7-x64

4c2035a049...18.exe

windows10-2004-x64

Sharing

General

Target

4c2035a0494f1e280a9383677f2501fd_JaffaCakes118
Size

6.3MB
Sample

240516-vhkq7sef99
MD5

4c2035a0494f1e280a9383677f2501fd
SHA1

ce190f82c9bdf2652906cafba1a6727e276fd540
SHA256

036ccf870c0c626dfab5ff245db67b961d6669af26c3694992b56271a4e979ea
SHA512

39206b5b9c00ce04bd1e710f0af7f76f4c522d019f55f7c32c62f9973ec12123fd7dd03897e6de3ed925519dcd263f4981ed7d34ee01304642440fbe2a7e0108
SSDEEP

98304:awAwD+xPQPHGGHtWUolKiTQSLQ+NIv9xEDginRBnyecCkyzyNjk:awBAPoHtBoFTQSLQ9VxyyecCLz7

Score

10^/10

quasar syscmd spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4c2035a0494f1e280a9383677f2501fd_JaffaCakes118.exe

Resource

win7-20240221-en

quasar syscmd spyware trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4c2035a0494f1e280a9383677f2501fd_JaffaCakes118.exe

Resource

win10v2004-20240508-en

quasar syscmd spyware trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

SyScmd

C2

91.211.251.108:4782

Mutex

QSR_MUTEX_qwefagr3235weasfefwwef

Attributes

encryption_key
nWKoI3fOkpyNHoDWEE4y
install_name
Update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
syswow
subdirectory
Microsoft\Windows\Update

Targets

- Target
  
  4c2035a0494f1e280a9383677f2501fd_JaffaCakes118
- Size
  
  6.3MB
- MD5
  
  4c2035a0494f1e280a9383677f2501fd
- SHA1
  
  ce190f82c9bdf2652906cafba1a6727e276fd540
- SHA256
  
  036ccf870c0c626dfab5ff245db67b961d6669af26c3694992b56271a4e979ea
- SHA512
  
  39206b5b9c00ce04bd1e710f0af7f76f4c522d019f55f7c32c62f9973ec12123fd7dd03897e6de3ed925519dcd263f4981ed7d34ee01304642440fbe2a7e0108
- SSDEEP
  
  98304:awAwD+xPQPHGGHtWUolKiTQSLQ+NIv9xEDginRBnyecCkyzyNjk:awBAPoHtBoFTQSLQ9VxyyecCLz7
Score

10^/10

quasar syscmd spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarsyscmdspywaretrojan

behavioral2

quasarsyscmdspywaretrojan

© 2018-2024

Terms | Privacy