quasar | 42b218f71d22359c1d67630be541516113e82e3c897c3bb9fd41743406583dfc | Triage

Submit
Reports

Overview

overview

Static

static

3

windows activator.exe

windows11-21h2-x64

Sharing

General

Target

windows activator.exe
Size

6.3MB
Sample

240518-eawkqsae5w
MD5

17031c953e0b0ca9aa96a37721e090c1
SHA1

ce3de870acf307e7761244fd7ee3523c513e844c
SHA256

42b218f71d22359c1d67630be541516113e82e3c897c3bb9fd41743406583dfc
SHA512

8d203439404fd22defa189d0f6d23ed8009b26b72bfbe8c3eb21b464a2d2cd4380bb69ca4c335fce093d8f65489f74cf46a20efdbd3b3f6b6dcedb42e8b4fea6
SSDEEP

49152:fRaU3QDzbAdXO3z0sqPUJg8E9bM/M6FPoE0oolmCNFhg5wo8T:

Score

10^/10

quasar steamhelper execution spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

windows activator.exe

Resource

win11-20240426-en

quasar steamhelper execution spyware trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Extracted

Family

quasar

Version

1.4.1

Botnet

SteamHelper

C2

192.168.10.149:4782

Mutex

e4aae33b-e31c-49fd-b689-bef88dbb5ec5

Attributes

encryption_key
AAC6E8ABF533EB37C22C1AA75BAA0CE9F73D90CC
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SteamHelper
subdirectory
SteamHelper

Targets

- Target
  
  windows activator.exe
- Size
  
  6.3MB
- MD5
  
  17031c953e0b0ca9aa96a37721e090c1
- SHA1
  
  ce3de870acf307e7761244fd7ee3523c513e844c
- SHA256
  
  42b218f71d22359c1d67630be541516113e82e3c897c3bb9fd41743406583dfc
- SHA512
  
  8d203439404fd22defa189d0f6d23ed8009b26b72bfbe8c3eb21b464a2d2cd4380bb69ca4c335fce093d8f65489f74cf46a20efdbd3b3f6b6dcedb42e8b4fea6
- SSDEEP
  
  49152:fRaU3QDzbAdXO3z0sqPUJg8E9bM/M6FPoE0oolmCNFhg5wo8T:
Score

10^/10

quasar steamhelper execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarsteamhelperexecutionspywaretrojan

© 2018-2024

Terms | Privacy