quasar | 41216ba83eddf1b01197fb44abbb24e8a83389862a843e6c78ae6a0f9474be34 | Triage

Sharing

General

Target

video.bat
Size

1.8MB
Sample

240517-vzv89sad89
MD5

3e23287bf7024e118f144018b5c6ee51
SHA1

e5c30a22a6b46400520809133e02ab824e6f1d8c
SHA256

41216ba83eddf1b01197fb44abbb24e8a83389862a843e6c78ae6a0f9474be34
SHA512

bd5644d745e159b56e67a9ff21390e9bfcbadd2b69530697dce6a8728af029c8d4d6712fe64975b8cde5fe574305b2a8c683c3f80602ec66d4f9a036a7e9fd06
SSDEEP

24576:nFqcE/6HOYP8eW5fvoUjBEcHvlstN2DzKlIBzmfvz/LKkROe5WkEsdov9eAvfGiA:nF0YPtAfv3qzym9ov9KJ

Score

10^/10

quasar phantom execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Phantom

C2

even-lemon.gl.at.ply.gg:33587

Mutex

db128a32-6a0f-4592-bc4d-39d508fbe456

Attributes

encryption_key
04017BC2FE671A38FED74363CF7D888C6B8DA217
install_name
$phantom-powershell.exe
log_directory
PHANTOM
reconnect_delay
3000
startup_key
$phantom-powershell
subdirectory
$phantom-phantom2

Targets

- Target
  
  video.bat
- Size
  
  1.8MB
- MD5
  
  3e23287bf7024e118f144018b5c6ee51
- SHA1
  
  e5c30a22a6b46400520809133e02ab824e6f1d8c
- SHA256
  
  41216ba83eddf1b01197fb44abbb24e8a83389862a843e6c78ae6a0f9474be34
- SHA512
  
  bd5644d745e159b56e67a9ff21390e9bfcbadd2b69530697dce6a8728af029c8d4d6712fe64975b8cde5fe574305b2a8c683c3f80602ec66d4f9a036a7e9fd06
- SSDEEP
  
  24576:nFqcE/6HOYP8eW5fvoUjBEcHvlstN2DzKlIBzmfvz/LKkROe5WkEsdov9eAvfGiA:nF0YPtAfv3qzym9ov9KJ
Score

10^/10

quasar phantom execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarphantomexecutionspywaretrojan

behavioral2

quasarphantomexecutionspywaretrojan

behavioral3

quasarphantomexecutionspywaretrojan