quasar | fcbc5a9373b2ae956dc3457dfc1a420874b74e8eb2608a18b4af872d081dcdf5 | Triage

Resubmissions

18-05-2024 03:45

240518-ebe95saf69 10

Sharing

General

Target

windowsactivator.bat
Size

3.3MB
Sample

240518-ebe95saf69
MD5

ad2205a76bbb0da48c8a9a08f719ab4a
SHA1

85e6141e85c8aa9fec30185e2c404e7b8eb04ecf
SHA256

fcbc5a9373b2ae956dc3457dfc1a420874b74e8eb2608a18b4af872d081dcdf5
SHA512

999da62f3b0ace84e19044671f74b68e65bb6e844ca01b466c201948e6251f98ba285a6c4a8e966de08bf3cf55f5d5cb5ac72dd111b1ce8374c8d198998448be
SSDEEP

49152:ieZhRUmd8UOahBXe2uA5l8QFsJPj93JFE/zQVsGEd9yMM:it

Score

10^/10

quasar niggger execution spyware trojan

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Extracted

Family

quasar

Version

1.4.1

Botnet

Niggger

C2

2600:1700:b1e0:a330:b9ee:2632:e244:9a9:4782

Mutex

2e7c6a16-860e-42fe-9feb-98d63fa4f025

Attributes

encryption_key
D8AAEEC300C8107099917E1DA2F8BCD2181F4CE6
install_name
windowsactivator.exe
log_directory
Logs
reconnect_delay
3000
startup_key
windowsactivator
subdirectory
windowsactivator

Targets

- Target
  
  windowsactivator.bat
- Size
  
  3.3MB
- MD5
  
  ad2205a76bbb0da48c8a9a08f719ab4a
- SHA1
  
  85e6141e85c8aa9fec30185e2c404e7b8eb04ecf
- SHA256
  
  fcbc5a9373b2ae956dc3457dfc1a420874b74e8eb2608a18b4af872d081dcdf5
- SHA512
  
  999da62f3b0ace84e19044671f74b68e65bb6e844ca01b466c201948e6251f98ba285a6c4a8e966de08bf3cf55f5d5cb5ac72dd111b1ce8374c8d198998448be
- SSDEEP
  
  49152:ieZhRUmd8UOahBXe2uA5l8QFsJPj93JFE/zQVsGEd9yMM:it
Score

10^/10

execution quasar niggger spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarnigggerexecutionspywaretrojan