quasar | 55dd41e0614ba9b4406c926cc1fd970351d14d11552f3a85d522af46b0a49e46

Sharing

Copy URL

Twitter E-mail

General

Target

SynapseX.revamaped.V1.2.rar
Size

160.0MB
Sample

240517-w7g72sch88
MD5

cd5ec11c593656d4106791c71663b56a
SHA1

bd9987f8d1c6f44a35e37cb9fcc14d0bd8d430e6
SHA256

55dd41e0614ba9b4406c926cc1fd970351d14d11552f3a85d522af46b0a49e46
SHA512

63efb6ed75253c0b016649da1964225ce55c85a7051ff898556b09483ef1e2a6f63f721797b8a92595b4830a1fe34f02236a9f59680014181a6a7c09eaa41d9a
SSDEEP

3145728:SXqMQ+crhy8Vm/7kNm6kUhA9DxSs8FpSHNnIBnPmKuLT8gf/c2W:SXtQ+cD0/7DUh8LIBnPgX8B2W

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Windows Update

skbidiooiilet-31205.portmap.host:31205

Mutex

7357b58d-e5d4-42be-8b74-db6eee6cde6d

Attributes

encryption_key
6F721445F7E0B1CF58980D84A9D49F4458D4EFD9
install_name
Update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
Windows Update

Targets

- Target
  
  SynapseX revamaped V1.2/Synapse X Launcher.exe
- Size
  
  3.1MB
- MD5
  
  1a1fda92143e414b4d4153ab05dd1ce8
- SHA1
  
  33ac2b2d228a1ec93b0ea70ffadb436933b9a1e5
- SHA256
  
  f0160a1f7a39862e14063ac468957559656405f51d97ad56dc7cff9ad34da9f1
- SHA512
  
  70a9a6948f98f3bdc2c7b461634098347bdf683dec36fa92bd1ac652f72daf7fa01f842cbb8331f26c9c5f76907604f75f7c45b746bcfe8f395b3864f998f391
- SSDEEP
  
  49152:VvnI22SsaNYfdPBldt698dBcjHOaRJ6HbR3LoGddPkTHHB72eh2NT:VvI22SsaNYfdPBldt6+dBcjHOaRJ6Zd
Score

10^/10

quasar windows update spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  SynapseX revamaped V1.2/bin/359k6u5HUNL4tEk.exe
- Size
  
  2.4MB
- MD5
  
  027834b2ebc7f1b02143d8e7f8c17aab
- SHA1
  
  c4d19cab893e0fcb19d5de25e26e441faceb88ee
- SHA256
  
  5b740dd5064d571eb065d94e252b11dd2c5ff0f82e7932c06c4acfd55e5a0cb1
- SHA512
  
  0c87b7ddc9ec8b32ed9a787cb633d232cca78cb58d0b42fe2ffc7206498d2121c608b45b6f5cc696cf96d2b771385036abfb2b19b6d1a6d6d133dc7a867af353
- SSDEEP
  
  49152:P2TxAt739Kik+gzh+VWNBmsXn1JObl7J6fDKz0vqsS8+5wYAeU3ki65n3e2:nh39KhrykBmsnOL6L40/S83sx
Score

1^/10
behavioral3 behavioral4
- Target
  
  SynapseX revamaped V1.2/bin/CefSharp.BrowserSubprocess.Core.dll
- Size
  
  912KB
- MD5
  
  67e9fdff12286ad0ff11aa7e8a7775d9
- SHA1
  
  245ec015e953bb395cf5d1e4f54804166daeaf68
- SHA256
  
  b184f42ad13993a963700ad40400d401e398a46f72056f5907b6acdff986c63d
- SHA512
  
  42c068e0b157fa5bd9ec9be977c1ec44712fc78909efb64961dc1e34d6c7fccc7af6bb685e847f32da9fe9124a215ad3adea08317279851c8ffd2761a3b47870
- SSDEEP
  
  24576:uVK+vDCBGb9UKpUzXoiYehQspQ8SdWHubiWyzIrQK0OXPOlNce+pi:RcUKpUzXoiYehQspQ8SdWHubiWyzIrQO
Score

3^/10
behavioral5 behavioral6
- Target
  
  SynapseX revamaped V1.2/bin/CefSharp.BrowserSubprocess.exe
- Size
  
  7KB
- MD5
  
  1687e4430649fdd4fde98a120f992836
- SHA1
  
  fd7227e15928bee5335772cd72dba0047f6d06ce
- SHA256
  
  5b0d7eec5ae0f5af562ec02611dbaadbfba6b308ba0345cb19b30a0a84f937a7
- SHA512
  
  a6c3b0db67a4f27a37ee2b9302752c2094015bcca9a006561805fbe93f178e163e47501bc3c2c120cb8469a7985d69533020f9d736e6409e31fdc1084e279f4d
- SSDEEP
  
  96:JHxBI7lEsmQBDs93z5ZzFZOIaetmA/Nt61OYcXei+U:JRBIWsmQB63z3zFZVsAYcXeU
Score

1^/10
behavioral7 behavioral8
- Target
  
  SynapseX revamaped V1.2/bin/CefSharp.Core.dll
- Size
  
  1.3MB
- MD5
  
  a44554d38b7a25a7ab2320fe731c5298
- SHA1
  
  c287a88fd3a064b387888f4bbc37a0630c877253
- SHA256
  
  35980974bdba6d5dd6a4dc1072e33aab77f72f56c46779cb0216e4801dcc36ab
- SHA512
  
  bd8956b7e8ca6d1129fbbb950dd913183b3e92601c2c900aed26d695782e4663654ac57074e1f0f2efcf9cced969487162910dc9bb52b42572d61994b07f2aad
- SSDEEP
  
  24576:yXIdphyvfDVKyFnp89jCbBNr0s7HQAqcwYhPolDexla9e6dhkOi0nK+++evP4ZcC:HsJKyzNr0s7HQAqcwYhPolDexla9e6dp
Score

3^/10
behavioral10 behavioral9
- Target
  
  SynapseX revamaped V1.2/bin/CefSharp.Wpf.dll
- Size
  
  83KB
- MD5
  
  1533d9b2ed991ad4fecef548dc762565
- SHA1
  
  7a0664cc6bdc5ffd23c4aba43fa7b2acdfe949f4
- SHA256
  
  8e6e874d51f654c1c081cd1658a2e4ad8e3b92e74f9406e8c4eb34d354ab8791
- SHA512
  
  710677d3c6ebff9da638d22a3ae800eb12ba947aad9acb4e42f9e9268ade1b8dde680b4aa135121851285943aecc0fc9be85c5ca8a269d6857b35e905c7b7c12
- SSDEEP
  
  1536:VdX1kcRoMy1tkZBjxQVhfcmzedNTppNCSyh1FPmyGx8Nge8Fu/mGmDtcOd:VdFLoMk24ClwNge8FPGMf
Score

1^/10
behavioral11 behavioral12
- Target
  
  SynapseX revamaped V1.2/bin/CefSharp.dll
- Size
  
  219KB
- MD5
  
  92defcf3ee31db03999e8ea41742f8f8
- SHA1
  
  2d5a94c029e1ac0df07a2055f03ca3d77ceb76b6
- SHA256
  
  d3873ec8cf9a80b3b5691445cd0f6d2a38f5a2432864d7fa372b751bad54e891
- SHA512
  
  d58f4c6bf526ed5e19bbb9c36db8fa192c63eb770b8bb5cebef0e1baf69d35ec3e1367062b9d2af9aa654d97e9cdcecca9c12bc73d9097c38a9c7e6dc11f103a
- SSDEEP
  
  3072:dLU+ln+doWgHRVIceekE8Nb3+hwx6vOc5jOpP6AOSrzHnZpy:Rh+dYI4dwx6Oc5MPPpH
Score

1^/10
behavioral13 behavioral14
- Target
  
  SynapseX revamaped V1.2/bin/Editor.html
- Size
  
  2KB
- MD5
  
  485f27d7faac7ec77e02be39737cc9a4
- SHA1
  
  55722137ae4b2636a31ff7f42537133e7d7b40f0
- SHA256
  
  cf65942ebe2cd8e704cf83dbac9fef38cd714219d0e068707b314d69fb1f3f74
- SHA512
  
  001343387aebf0039c6359e81b64bd9630353d997ee78669c9b535905c90663691d5ad965911ed3b5e0967e2ad32e9d270d7623a879bffdc77ab1d5f4c9fcf0d
Score

1^/10
behavioral15 behavioral16
- Target
  
  SynapseX revamaped V1.2/bin/JTYGLdAQoGLS.dll
- Size
  
  105.4MB
- MD5
  
  1010143952121d7bd02554d1b3a82315
- SHA1
  
  312bb88c173170505eb473592d4303e6b22c8a2c
- SHA256
  
  780ce27d48318911dfabe5111970b2256e6a179730d992f927e7486b6af4ad41
- SHA512
  
  c4687777ae5f37abdc85ec30b5a4a0b6e202bb56e2883c62a6a75c898bb26d54f11ca7dc3dce0ca42242838de5e27e5d0fe17dfdcfc3db5f8c59140e92eaa5db
- SSDEEP
  
  1572864:DnWGag30Nn6vX+CK2ravtqijSQBj5NZy/h3meg4lWbJiLGOglBLnR5s409P7pq:DnWGatNn+tStqijSQBj5yPfWbcgjSXc
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral17 behavioral18
- Target
  
  SynapseX revamaped V1.2/bin/OoxIi8qtt.exe
- Size
  
  1.1MB
- MD5
  
  a48d6b525da2501d8ec661f2f2f1b0e8
- SHA1
  
  5737e465e5ffbed6b51e6775b5e05b5769f89e6b
- SHA256
  
  a6e52cc20913ae168b7dcbb923ea8cd7bdda93e43399ec22a85dabfab14ddf3a
- SHA512
  
  3cf1d6acbf1a3c3e99739af505b57aef7e8db5a2a84db2310c1d6490a097e11065510d2aaaac6ea71fd226b421d87be216993528e245e0bdee9b6000e68e32ab
- SSDEEP
  
  24576:5EvX2R7XLISXF8ElQlt8K9MlOZNsST2R7:qvX2VLIS2Jt89LST2
Score

1^/10
behavioral19 behavioral20
- Target
  
  SynapseX revamaped V1.2/bin/SynapseInjector.dll
- Size
  
  6.0MB
- MD5
  
  9b248dfff1d2b73fd639324741fe2e08
- SHA1
  
  e82684cd6858a6712eff69ace1707b3bcd464105
- SHA256
  
  39943c30732988289ca346902f007a72124bd98b82e08b0b9739241cdab4018e
- SHA512
  
  56784a895f113088e3c92ccd96f354473e5d849fb9d0798868ff5e9477f60854e8bc7c9759c63417c9298f8702abab266722439b445977c6e940da393b8b696c
- SSDEEP
  
  98304:whgYUp+QvBY2uccY07B1nG9CHvaxFNErtcKXc17TEBT0VBTFX3NwwJqOft:w2j8YCRGEP0iOvuT0FXKwt
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
behavioral21 behavioral22
- Target
  
  SynapseX revamaped V1.2/bin/chrome_elf.dll
- Size
  
  788KB
- MD5
  
  6499ea6b92ab4971886bd06c12625819
- SHA1
  
  5ebb75eeca7625b9511233158a02f50a92867a39
- SHA256
  
  6820f276c0d71557a0c7b997fd2f4a3ac6a45c86454c4dc3bcfa29843b5c470b
- SHA512
  
  e57703730e42eb9d80e762337e08176705b349f54fbd429edc657d44c9dc3a1f9ccfa594bc3ef622798aebb5bc69b225abb266b00f9b350ae59f734c2f31f63d
- SSDEEP
  
  12288:bCr6Tisy+fUv6cwQhl0j+iBQIR+ybWlkkswiS1cVlqoKe9+nIMQbNt:Wr6Tisy+fUv6cwQhlcbWFi8iDjD
Score

1^/10
behavioral23 behavioral24
- Target
  
  SynapseX revamaped V1.2/bin/d3dcompiler_47.dll
- Size
  
  3.5MB
- MD5
  
  f76b1d2cd95385b21e61874761ddb53a
- SHA1
  
  e5219dc55dcd6b8643e3920ad21d0640fd714383
- SHA256
  
  8bf0eeb5081d8397e2f84f69449c8a80d9c0cdcf82bcef7a484309046adcb081
- SHA512
  
  8e5c6541bbea6730c4f6392439454f516d56ac9ad6d6b55336e52361cc80a35fbed8a90d58020d92fa4ac9fcfeee6c280754a9e99cc32bae901b00306626e69f
- SSDEEP
  
  49152:fjmJAksRXmBNgC9ITPPE8WHmy0HRZ+kyOzDJn5c5v5H3pqC23u6q+25omPEyXzjl:fy2Ckrj+kyOv2MJ+6q8kbqS/Ai
Score

3^/10
behavioral25
- Target
  
  SynapseX revamaped V1.2/bin/libEGL.dll
- Size
  
  306KB
- MD5
  
  a6bff6c3e64d7e0b93361c7696783e96
- SHA1
  
  b86339ad28e87c523b6c8bf9ff8787d5d390bd51
- SHA256
  
  f808b62775fd4a422e4fcff733ef185e7846e76c533e464cfeaddc96a25a8887
- SHA512
  
  c271243438ba54f27d6bd02d38ba4620199fda0ba9b373bfb7522fd128fc32e4028ff9ef9e02668f78c0f86446af3b3a4f8fcc2263e53301553f9a140816e65f
- SSDEEP
  
  6144:wfGwxWv6tN2phvpaKHBvb5ZzaYudGGWMfe/tpEEfh8odAcHH6cG:w+wxWyn2pFvb5ZzIsGWMfe/TtSodVn6c
Score

1^/10
behavioral26 behavioral27
- Target
  
  SynapseX revamaped V1.2/bin/libGLESv2.dll
- Size
  
  6.4MB
- MD5
  
  48bd3bf564d6592417ee5cae16e34e6e
- SHA1
  
  f29f91d5863be99267cec7bbe8cb51159a7a3adf
- SHA256
  
  53a7ea40cd589683dfb57ee0f187d6f3e373b2df5a3e0129c41a5c1e7de5d0c0
- SHA512
  
  c9da5cc25b29bf1b5cdc3de42650e6d893ae89b8451fb67a8a1e4f5df9d71d503b5e010a17540d46e96c1244d58c2490f0b8d5380a98337cbb7bf13b69101683
- SSDEEP
  
  98304:+/p3sY6QaLuk1s0EU0qf8zRfU4WIIIMBtLLdAr16KH57wemx7+lw:E36QffqfGpU4WIyFLdoEQWk
Score

3^/10
behavioral28 behavioral29
- Target
  
  SynapseX revamaped V1.2/bin/libcef.dll
- Size
  
  96.9MB
- MD5
  
  8c51876f1b5dfbf4964732a65c1f2724
- SHA1
  
  ed5653a3a5655ba65d6221285da93799bd2517f9
- SHA256
  
  5ae7eff0a7b91e54d211046111d088ed8820793c97ee689f20371c356af6b46e
- SHA512
  
  a4bb49b64b58767fcaf5b3b889a63c0917d56c59dd48283539903a6856caf69c5ce35655e68ef8bdad1e9bc80002fd2f68fc1e46977ba68926f7a731904a7884
- SSDEEP
  
  1572864:lb59MmGrsAYmjVqbriV20b2JNBXL2k3E15gwfIydR+RP9FmBi53BpKs0G0e9qMLX:X9MuMjUH62J6Sw/sM6
Score

1^/10
behavioral30 behavioral31
- Target
  
  SynapseX revamaped V1.2/bin/lua-decomp.exe
- Size
  
  4.4MB
- MD5
  
  df95aa5c0c116c58daf0beae25edb914
- SHA1
  
  51ad4aede462038558df0160a27136b381777431
- SHA256
  
  cb4ee2eae0915f38fbdf75c3683933d202b306e2aa704a02cbd344ead03a037f
- SHA512
  
  9456eae67d523adddd132bb60b93022535f2590b6e622cffd63dd455a387000201f8ac2c4634d69bfa1ca5c00571d43b1f1e29625dad958503c84c742bc12501
- SSDEEP
  
  98304:r9EvGpryZvhmgPoYBjkjBpa1WjB51FVdj0voaYV:r9EWIvrdBjkje1Y51FVdjwYV
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Checks computer location settings

Executes dropped EXE

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Checks whether UAC is enabled

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Checks whether UAC is enabled

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32