quasar | afc06cb65deb7e660670f44bda2eba95f70027839af32c8cde73a8c2046defdf | Triage

Submit
Reports

Overview

overview

Static

static

1

free robux...or.bat

windows11-21h2-x64

Sharing

General

Target

free robux generator.bat
Size

3.1MB
Sample

240518-ebg4qsaf73
MD5

72b1a465644baecf1aa2f2b82cd034e8
SHA1

907d5435fdb7e21203d78a46df4e8cd1cde87862
SHA256

afc06cb65deb7e660670f44bda2eba95f70027839af32c8cde73a8c2046defdf
SHA512

ea0a07230ca4098a983d957672e3a4d9076182b4277a78c9f1784267ed85d0b95e138da8c9d2805cbbd165b8aacb976525d84cfaefe82039b20f5aa95cadd0cb
SSDEEP

49152:q0Dm/oy4YRfn6yr0JhFedHKiV/bAPO6TXeX5jJlbG6FEOSboX:WX

Score

10^/10

quasar steamhelper execution spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

free robux generator.bat

Resource

win11-20240426-en

quasar steamhelper execution spyware trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Extracted

Family

quasar

Version

1.4.1

Botnet

SteamHelper

C2

192.168.10.149:4782

Mutex

e4aae33b-e31c-49fd-b689-bef88dbb5ec5

Attributes

encryption_key
AAC6E8ABF533EB37C22C1AA75BAA0CE9F73D90CC
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SteamHelper
subdirectory
SteamHelper

Targets

- Target
  
  free robux generator.bat
- Size
  
  3.1MB
- MD5
  
  72b1a465644baecf1aa2f2b82cd034e8
- SHA1
  
  907d5435fdb7e21203d78a46df4e8cd1cde87862
- SHA256
  
  afc06cb65deb7e660670f44bda2eba95f70027839af32c8cde73a8c2046defdf
- SHA512
  
  ea0a07230ca4098a983d957672e3a4d9076182b4277a78c9f1784267ed85d0b95e138da8c9d2805cbbd165b8aacb976525d84cfaefe82039b20f5aa95cadd0cb
- SSDEEP
  
  49152:q0Dm/oy4YRfn6yr0JhFedHKiV/bAPO6TXeX5jJlbG6FEOSboX:WX
Score

10^/10

quasar steamhelper execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarsteamhelperexecutionspywaretrojan

© 2018-2024

Terms | Privacy